There are still some programs that have executable stack regions, which results in their being vulnerable to exploitation via stack memory. There are only a few very rare situations where executable stacks are actually desired, the rest are usually the result of lacking flags in assembly code or using nested functions (which are generally avoidable).

• Detection:

  • check an ELF binary: "readelf -lW $BIN | grep GNU_STACK" shows with "E" flag.
  • check a .o file: "scanelf -e $BIN | grep X".

• Information: Gentoo write-up about exec stack handling: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

• Potential Solutions:

  • fix assembly source by adding flags to assembler: .section        .note.GNU-stack, "", @progbits

  • fix compiler's default when encountering unmarked assembly: -Wl,-z,noexecstack will change the behavior of compiler's asm-without-stack-markings defaults.

  • rework code to avoid using nested functions.
  • force markings into a safe state via "execstack -c $BINARY" during package build.

Main/Restricted Packages

Originally generated from the ELF files with executable stacks in Karmic main.

Fixed

• zip (umarked asm)

• bogl (nested function)

• mono (unmarked asm)

Nested Functions

Uses Nested Functions which compiler generates as trampolines on the stack.

• grub

• grub2 upstream bug

• link-grammar

• mbr
• icon

Trampolines

• klibc (setjmp implementation)
• kexec-tools (statically linked against klibc)

Shipped Precompiled Binary

• fglrx-installer

• nvidia

  • nvidia-graphics-drivers-173
  • nvidia-graphics-drivers-180
  • nvidia-graphics-drivers-71
  • nvidia-graphics-drivers-96

Unmarked Assembler

• openjdk-6

• john

No Stack Section

• memtest86+ (is a boot-loaded ELF, not a big deal)

Fedora Patches for universe packages

• http://cvs.fedoraproject.org/viewcvs/devel/lightning/lightning-1.2-execstack.patch?view=markup

• http://cvs.fedoraproject.org/viewcvs/devel/mlton/mlton-20070826-no-execmem.patch?view=markup