ExecutableStacks

Differences between revisions 2 and 14 (spanning 12 versions)
Revision 2 as of 2009-08-03 15:26:18
Size: 1803
Editor: 89
Comment:
Revision 14 as of 2009-08-05 16:48:54
Size: 2568
Editor: 89
Comment:
Line 1: Line 1:
There are still some programs that have executable stack regions.
  * [[https://bugs.launchpad.net/ubuntu/+bugs?field.tag=execstack|open bugs in LP]]
  * check an ELF binary: "readelf -l $BIN | grep GNU_STACK" shows with "E" flag.
  * Gentoo write-up of what to do: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, and are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable).
  * check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
  * fix source by adding flags to assembler: {{{.section .note.GNU-stack, "", @progbits}}}
  * Gentoo write-up about exec stack handling: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
  * -Wl,-z,noexecstack will change the [[http://sourceware.org/ml/binutils/2003-05/msg00741.html|behavior]] of compiler's asm-without-stack-markings defaults.
Line 6: Line 7:
= Main/Restricted Packages =
Line 8: Line 10:
== Fixed ==
 * [[https://launchpad.net/bugs/375121|zip]]
 * [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539775|bogl]]
 * [[https://launchpad.net/bugs/408499|mono]]
Line 9: Line 16:
Uses [[http://grub.enbug.org/NestedFunctions|Nested Functions]] which compiler generates as trampolines on the stack.    * bogl [[http://cvs.fedoraproject.org/viewvc//devel/bogl/bogl-0.1.18-noexecstack.patch?view=markup|patch]] Uses [[http://grub.enbug.org/NestedFunctions|Nested Functions]] which compiler generates as [[http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html|trampolines]] on the stack.
Line 12: Line 18:
 * grub2  * grub2 [[http://savannah.gnu.org/bugs/?25220|upstream bug]]

== Trampolines ==
 * klibc (setjmp implementation)
 * kexec-tools (statically linked against klibc)

== Shipped Precompiled Binary ==
 * fglrx-installer
 * nvidia-graphics-drivers-173
 * nvidia-graphics-drivers-180
 * nvidia-graphics-drivers-71
 * nvidia-graphics-drivers-96
Line 15: Line 32:
 * fglrx-installer
Line 21: Line 37:
 * mono
 * nvidia-graphics-drivers-173
 * nvidia-graphics-drivers-180
 * nvidia-graphics-drivers-71
 * nvidia-graphics-drivers-96
Line 27: Line 38:

== Harmless ==
 * kexec-tools
 * klibc

There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, and are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable).

  • check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" prints the GNU_STACK program header; an "E" in its flags column means the stack is executable.
  • fix the source by marking each assembly file with the GNU-stack note section: .section .note.GNU-stack, "", @progbits

  • Gentoo write-up about exec stack handling: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

  • passing -Wl,-z,noexecstack at link time overrides the linker's default for objects that carry no .note.GNU-stack marking (an unmarked assembly object otherwise makes the whole output's stack executable).
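What the readelf check above looks for, as an added Python example that is not from this wiki page: it reads the ELF program headers directly, finds the PT_GNU_STACK entry and reports whether its E (PF_X) flag is set, which is the same information "readelf -lW $BIN | grep GNU_STACK" gives. It goes beyond the one-line check by handling ELF32 and big-endian images and by reporting a binary that has no PT_GNU_STACK header at all. The build_sample_elf images are constructed inline for the demonstration and stand in for no real package; the constants come from the ELF specification.

```python
import struct
import sys

# ELF program-header constants (values from the ELF specification / elf.h)
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

# (ELF header format, program-header format, index of p_flags in the unpacked phdr)
_LAYOUT = {
    1: ("16sHHIIIIIHHHHHH", "IIIIIIII", 6),  # ELF32: p_flags is the 7th phdr field
    2: ("16sHHIQQQIHHHHHH", "IIQQQQQQ", 1),  # ELF64: p_flags directly follows p_type
}


def gnu_stack_flags(elf):
    """Return the p_flags of the PT_GNU_STACK header, or None when the image has none."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    if ei_class not in _LAYOUT or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if ei_data == 1 else ">"          # EI_DATA: 1 = little-endian, 2 = big-endian
    ehdr_fmt, phdr_fmt, flags_idx = _LAYOUT[ei_class]
    ehdr = struct.unpack_from(end + ehdr_fmt, elf, 0)
    e_phoff, e_phentsize, e_phnum = ehdr[5], ehdr[9], ehdr[10]
    for i in range(e_phnum):
        phdr = struct.unpack_from(end + phdr_fmt, elf, e_phoff + i * e_phentsize)
        if phdr[0] == PT_GNU_STACK:
            return phdr[flags_idx]
    return None


def flag_string(flags):
    """Same letters readelf prints in its Flg column: R, W, and E for executable."""
    return "".join(ch if flags & bit else " "
                   for ch, bit in (("R", PF_R), ("W", PF_W), ("E", PF_X)))


def classify_stack(elf):
    """'executable', 'non-executable', or 'missing' (no PT_GNU_STACK header at all)."""
    flags = gnu_stack_flags(elf)
    if flags is None:
        # Older Linux kernels treated a missing header as an executable stack on x86,
        # so "missing" deserves the same attention as an explicit E flag.
        return "missing"
    return "executable" if flags & PF_X else "non-executable"


def build_sample_elf(stack_flags=None, elf_class=2):
    """Constructed (not from any real package) minimal little-endian ELF image:
    an ELF header plus one PT_LOAD header and, optionally, a PT_GNU_STACK header."""
    ehdr_fmt, phdr_fmt, _ = _LAYOUT[elf_class]
    ehsize = struct.calcsize("<" + ehdr_fmt)        # 52 for ELF32, 64 for ELF64
    phentsize = struct.calcsize("<" + phdr_fmt)     # 32 for ELF32, 56 for ELF64

    def phdr(p_type, p_flags):
        if elf_class == 2:   # p_type, p_flags, offset, vaddr, paddr, filesz, memsz, align
            return struct.pack("<" + phdr_fmt, p_type, p_flags, 0, 0, 0, 0, 0, 0)
        # ELF32: p_type, offset, vaddr, paddr, filesz, memsz, p_flags, align
        return struct.pack("<" + phdr_fmt, p_type, 0, 0, 0, 0, 0, p_flags, 0)

    phdrs = [phdr(PT_LOAD, PF_R | PF_X)]
    if stack_flags is not None:
        phdrs.append(phdr(PT_GNU_STACK, stack_flags))
    ident = b"\x7fELF" + bytes([elf_class, 1, 1, 0]) + b"\x00" * 8
    machine = 62 if elf_class == 2 else 3          # EM_X86_64 / EM_386
    ehdr = struct.pack("<" + ehdr_fmt, ident, 2, machine, 1, 0, ehsize, 0, 0,
                       ehsize, phentsize, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)


def scan_paths(paths):
    """Map each path to its classification; unreadable or non-ELF files map to 'error'."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                results[path] = classify_stack(fh.read())
        except (OSError, ValueError, struct.error):
            results[path] = "error"
    return results


if __name__ == "__main__":
    # Usage: python3 check_execstack.py /usr/bin/*   (one verdict line per file)
    for path, verdict in scan_paths(sys.argv[1:]).items():
        print(f"{verdict:15} {path}")
```

Run over a directory of binaries it lists every file as executable, non-executable, missing or error; the "missing" and "executable" lines are the ones that need the assembler note or the noexecstack link flag described above.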

Main/Restricted Packages

This list was originally generated from the ELF files with executable stacks in Karmic main.

Fixed

Nested Functions

These packages use nested functions, which the compiler implements as trampolines placed on the stack.

Trampolines

  • klibc (setjmp implementation)
  • kexec-tools (statically linked against klibc)

Shipped Precompiled Binary

  • fglrx-installer
  • nvidia-graphics-drivers-173
  • nvidia-graphics-drivers-180
  • nvidia-graphics-drivers-71
  • nvidia-graphics-drivers-96

Unclassified

  • icon
  • john
  • link-grammar
  • mbr
  • memtest86+
  • openjdk-6

Fedora Patches

SecurityTeam/Roadmap/ExecutableStacks (last edited 2017-08-22 14:25:31 by jdstrand)