https://bugzilla.redhat.com/show_bug.cgi?id=973512
Bug ID: 973512
Summary: programs in ghc-compiler package have an executable stack
Product: Fedora
Version: 19
Component: ghc
Severity: unspecified
Priority: unspecified
Assignee: petersen@redhat.com
Reporter: dkholia@redhat.com
QA Contact: extras-qa@fedoraproject.org
CC: bos@serpentine.com, haskell-devel@lists.fedoraproject.org, petersen@redhat.com

Description of problem:
Many programs in the ghc-compiler package have an executable stack.
"This makes it susceptible to stack based exploits should another weakness be found in the affected programs" (Steve Grubb).
Version-Release number of selected component (if applicable):
ghc-compiler-7.4.2-11.fc19
How reproducible:
You can use the following programs to check if a package is hardened:
http://people.redhat.com/sgrubb/files/rpm-chksec
OR
https://github.com/kholia/checksec
Steps to Reproduce:
Get scanner.py from https://github.com/kholia/checksec
$ ./scanner.py ghc-compiler-7.4.2-11.fc19.x86_64.rpm
...
ghc-compiler,ghc-compiler-7.4.2-11.fc19.x86_64.rpm,/usr/lib64/ghc-7.4.2/ghc,mode=0100755,NX=Disabled,CANARY=Disabled,RELRO=Partial,PIE=Disabled,RPATH=Disabled,RUNPATH=Disabled,FORTIFY=Disabled,CATEGORY=None
Notice the "NX=Disabled" field.
Upstream fixed this "bug" 4 years back. See http://hackage.haskell.org/trac/ghc/ticket/703