ExecutableStacks
|
Size: 2953
Comment:
|
Size: 2958
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, and are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable). | There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, the rest are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable). |
There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, the rest are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable).
Detection: check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
Information: Gentoo write-up about exec stack handling: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
Potential Solutions:
fix assembly source by adding flags to assembler: .section .note.GNU-stack, "", @progbits
fix compiler's default when encountering unmarked assembly: -Wl,-z,noexecstack will change the behavior of compiler's asm-without-stack-markings defaults.
- rework code to avoid using nested functions.
- force markings into a safe state via "execstack -c $BINARY" during package build.
Main/Restricted Packages
Originally generated from the ELF files with executable stacks in Karmic main.
Fixed
Nested Functions
Uses Nested Functions which compiler generates as trampolines on the stack.
- grub
grub2 upstream bug
Trampolines
- klibc (setjmp implementation)
- kexec-tools (statically linked against klibc)
Shipped Precompiled Binary
- nvidia-graphics-drivers-173
- nvidia-graphics-drivers-180
- nvidia-graphics-drivers-71
- nvidia-graphics-drivers-96
Unclassified
- icon
- john
- link-grammar
- mbr
- memtest86+
- openjdk-6
Fedora Patches
http://cvs.fedoraproject.org/viewcvs/devel/gdk-pixbuf/gtk+-2.2.2-noexecstack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/libdv/libdv-0.104-no-exec-stack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/lightning/lightning-1.2-execstack.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/net-tools/net-tools-1.60-execshield.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/net-tools/netplug-1.2.9-execshield.patch?view=markup
http://cvs.fedoraproject.org/viewcvs/devel/mlton/mlton-20070826-no-execmem.patch?view=markup
SecurityTeam/Roadmap/ExecutableStacks (last edited 2017-08-22 14:25:31 by jdstrand)