ExecutableStacks

Differences between revisions 1 and 9 (spanning 8 versions)

There are still some programs that have executable stack regions.

open bugs in LP
check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
Gentoo write-up of what to do: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

Main/Restricted Packages

Originally generated from the ELF files with executable stacks in Karmic main.

Fixed

zip
bogl

Nested Functions

Uses Nested Functions which compiler generates as trampolines on the stack.

grub
grub2 upstream bug

Stack Trampolines

klibc (setjmp implementation)
kexec-tools (statically linked against klibc)

Shipped Precompiled Binary

fglrx-installer
nvidia-graphics-drivers-173
nvidia-graphics-drivers-180
nvidia-graphics-drivers-71
nvidia-graphics-drivers-96

Unclassified

icon
john
link-grammar
mbr
memtest86+
mono
openjdk-6

Fedora Patches

http://cvs.fedoraproject.org/viewcvs/devel/gdk-pixbuf/gtk+-2.2.2-noexecstack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/libdv/libdv-0.104-no-exec-stack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/lightning/lightning-1.2-execstack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/net-tools/net-tools-1.60-execshield.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/net-tools/netplug-1.2.9-execshield.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/ocaml/ocaml-3.11-dev12-no-executable-stack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/qimageblitz/qimageblitz-0.0.4-noexecstack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/mlton/mlton-20070826-no-execmem.patch?view=markup

SecurityTeam/Roadmap/ExecutableStacks (last edited 2017-08-22 14:25:31 by jdstrand)

-  ⇤ ← Revision 1 as of 2009-08-03 15:21:48 → 
  Size: 1478
  Editor: 89
  Comment:
+   ← Revision 9 as of 2009-08-03 17:00:50 → ⇥
  Size: 1911
  Editor: 89
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
+There are still some programs that have executable stack regions.
  * [[https://bugs.launchpad.net/ubuntu/+bugs?field.tag=execstack|open bugs in LP]]
  * check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
  * Gentoo write-up of what to do: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

= Main/Restricted Packages =
-Line 3:
+Line 9:
+== Fixed ==
 * zip
 * bogl
-Line 4:
+Line 14:
-Uses [[http://grub.enbug.org/NestedFunctions|Nested Functions]] which compiler generates as trampolines on the stack.    * bogl [[http://cvs.fedoraproject.org/viewvc//devel/bogl/bogl-0.1.18-noexecstack.patch?view=markup|patch]]
+Uses [[http://grub.enbug.org/NestedFunctions|Nested Functions]] which compiler generates as trampolines on the stack.
-Line 7:
+Line 16:
- * grub2
+ * grub2 [[http://savannah.gnu.org/bugs/?25220|upstream bug]]

== Stack Trampolines ==
 * klibc (setjmp implementation)
 * kexec-tools (statically linked against klibc)

== Shipped Precompiled Binary ==
 * fglrx-installer
 * nvidia-graphics-drivers-173
 * nvidia-graphics-drivers-180
 * nvidia-graphics-drivers-71
 * nvidia-graphics-drivers-96
-Line 10:
+Line 30:
- * fglrx-installer
-Line 17:
+Line 36:
- * nvidia-graphics-drivers-173
 * nvidia-graphics-drivers-180
 * nvidia-graphics-drivers-71
 * nvidia-graphics-drivers-96
-Line 22:
+Line 37:
-== Harmless ==
 * kexec-tools
 * klibc

Ubuntu Wiki