# Install execstack with Homebrew, dnf, apt, zypper

Utility to set/clear/query executable stack bit. Version 20130503 via Homebrew; verified 2026-07-03.

## Install

```sh
sudo av install brew:execstack
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install execstack
```

  Evidence: local Homebrew formula metadata

### Linux

- dnf (92%):

```sh
sudo dnf install execstack
```

  Evidence: Fedora Rawhide package metadata: execstack from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Ubuntu apt (92%):

```sh
sudo apt install execstack
```

  Evidence: Ubuntu 24.04 LTS package indexes: execstack from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz

- zypper (92%):

```sh
sudo zypper install execstack
```

  Evidence: openSUSE Tumbleweed package metadata: execstack from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:execstack
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/execstack>
- **Version:** 20130503
- **Source summary:** Utility to set/clear/query executable stack bit
- **Homepage:** <https://people.redhat.com/jakub/prelink/>
- **Upstream docs:** <https://people.redhat.com/jakub/prelink>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://people.redhat.com/jakub/prelink/prelink-20130503.tar.bz2>
- **Last updated:** 2026-07-03T15:24:00-04:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- execstack (cli)
- execstack (alias)

## Dependencies

- elfutils

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 20130503
- Package-manager updated: 2026-07-03
- Local data: ok
- Upstream repository: https://people.redhat.com/jakub/prelink/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

execstack is a small ELF hardening utility from the prelink project. It exists to query, set, or clear the executable-stack requirement recorded in ELF program headers.

### Project history

The tool belongs to the early-2000s Linux transition away from assuming that process stacks were executable. Jakub Jelinek's 2003 binutils work introduced PT_GNU_STACK so compilers, assemblers, and linkers could describe whether an executable stack was needed; execstack provided a post-link command-line way to inspect and override that metadata.

The upstream prelink archive shows prelink tarballs beginning in 2001 and continuing through a 2013 snapshot. The execstack manual page was obtained from the prelink-20130503 tarball and dates the utility's documentation to October 2003.

### Adoption history

execstack became a packaging and security-maintenance utility rather than a day-to-day application. It is most useful when a third-party ELF binary or shared object has incorrect PT_GNU_STACK markings and a packager needs to verify or clear them without rebuilding the original source.

### How it is used

The common workflow is intentionally narrow: run execstack -q to report whether files require an executable stack, execstack -c to mark known-safe objects as not requiring one, or execstack -s for the rare case where a binary really needs executable stack support.

### Why package nerds care

Package maintainers care about execstack because it sits at the boundary between compiler metadata, linker policy, and runtime hardening. A single bad executable-stack bit can change security posture, so a tiny utility remains useful even after prelink itself stopped being fashionable.

### Timeline

- 2001: The prelink archive begins publishing source snapshots.
- 2003: PT_GNU_STACK support is proposed for binutils.
- 2003: execstack documentation describes querying and changing PT_GNU_STACK markings.
- 2013: The prelink archive publishes a later source snapshot used by manual-page renderers.

### Related projects

- execstack is tied to prelink, GNU binutils, GCC .note.GNU-stack metadata, and ELF dynamic-linker hardening behavior.

### Sources

- <https://people.redhat.com/jakub/prelink/>
- <https://man7.org/linux/man-pages/man8/execstack.8.html>
- <https://sourceware.org/legacy-ml/binutils/2003-05/msg00741.html>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** execstack
- **Version Scheme:** 0
- **Revision:** 0
- **Requirements:** linux
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Ubuntu apt - execstack - 0.0.20131005-1.1ubuntu1: normalized package name match | Ubuntu 24.04 LTS package indexes: execstack from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | ELF GNU_STACK program header editing utility
- dnf - execstack - 0.5.0-32.fc44: normalized package name match | Fedora Rawhide package metadata: execstack from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Utility to set/clear/query executable stack bit
- zypper - execstack - 0.5.0-5.6: normalized package name match | openSUSE Tumbleweed package metadata: execstack from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Utility to set/clear/query executable stack bit | https://github.com/keszybz/prelink/archive


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Database and data packages](https://www.automicvault.com/pkg/database-data-tools/) - Matched database, SQL, migration, or data-store metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [elfutils](https://www.automicvault.com/pkg/brew/elfutils/) - Runtime dependency declared by Homebrew.
- [redress](https://www.automicvault.com/pkg/brew/redress/) - Shares av.db curated category or tags: binary-analysis, cli, security.
- [modsurfer](https://www.automicvault.com/pkg/brew/modsurfer/) - Shares av.db curated category or tags: binary-analysis, cli, security.
- [retdec](https://www.automicvault.com/pkg/brew/retdec/) - Shares av.db curated category or tags: binary-analysis, cli, security.
- [rizin](https://www.automicvault.com/pkg/brew/rizin/) - Shares av.db curated category or tags: binary-analysis, cli, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [libcap-ng](https://www.automicvault.com/pkg/brew/libcap-ng/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/execstack.yml](https://github.com/automic-vault/db/blob/main/combined/execstack.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
