ExecutableStacks

Differences between revisions 13 and 17 (spanning 4 versions)
Revision 13 as of 2009-08-04 08:22:20
Size: 2259
Editor: 89
Comment:
Revision 17 as of 2009-08-05 17:24:01
Size: 2953
Editor: 89
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
There are still some programs that have executable stack regions.
  * [[https://bugs.launchpad.net/ubuntu/+bugs?field.tag=execstack|open bugs in LP]]
  * check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
  * Gentoo write-up of what to do: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
  * -Wl,-z,noexecstack will change the [[http://sourceware.org/ml/binutils/2003-05/msg00741.html|behavior]] of compiler's asm-without-stack-markings defaults.		 There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, and are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable).
  * '''Detection''': check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
  * '''Information''': Gentoo write-up about exec stack handling: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
  * '''Potential Solutions''':
   * fix assembly source by adding flags to assembler: {{{.section .note.GNU-stack, "", @progbits}}}
   * fix compiler's default when encountering unmarked assembly: {{{-Wl,-z,noexecstack}}} will change the [[http://sourceware.org/ml/binutils/2003-05/msg00741.html|behavior]] of compiler's asm-without-stack-markings defaults.
   * rework code to avoid using nested functions.
   * force markings into a safe state via "execstack -c $BINARY" during package build.
Line 25: Line 28:
 * fglrx-installer
 * nvidia-graphics-drivers-173
 * nvidia-graphics-drivers-180
 * nvidia-graphics-drivers-71
 * nvidia-graphics-drivers-96		  * [[https://bugs.launchpad.net/bugs/409440|fglrx-installer]]
 * [[https://bugs.launchpad.net/bugs/409456|nvidia]]
  * nvidia-graphics-drivers-173
  * nvidia-graphics-drivers-180
  * nvidia-graphics-drivers-71
  * nvidia-graphics-drivers-96

There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, and are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable).

  • Detection: check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.

  • Information: Gentoo write-up about exec stack handling: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

  • Potential Solutions:

    • fix assembly source by adding flags to assembler: .section        .note.GNU-stack, "", @progbits

    • fix compiler's default when encountering unmarked assembly: -Wl,-z,noexecstack will change the behavior of compiler's asm-without-stack-markings defaults.

    • rework code to avoid using nested functions.
    • force markings into a safe state via "execstack -c $BINARY" during package build.

Main/Restricted Packages

Originally generated from the ELF files with executable stacks in Karmic main.

Fixed

Nested Functions

Uses Nested Functions which compiler generates as trampolines on the stack.

Trampolines

  • klibc (setjmp implementation)
  • kexec-tools (statically linked against klibc)

Shipped Precompiled Binary

  • fglrx-installer

  • nvidia

    • nvidia-graphics-drivers-173
    • nvidia-graphics-drivers-180
    • nvidia-graphics-drivers-71
    • nvidia-graphics-drivers-96

Unclassified

  • icon
  • john
  • link-grammar
  • mbr
  • memtest86+
  • openjdk-6

Fedora Patches

SecurityTeam/Roadmap/ExecutableStacks (last edited 2017-08-22 14:25:31 by jdstrand)