Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#65 closed defect (fixed)

disable executable stack sections

Reported by: felix winkelmann
Owned by:
Priority: major
Milestone:
Component: build system
Version: 4.1.x
Keywords:
Cc:
Estimated difficulty:

Description

(reported by Marijn Schouten)

Automatic scanning by our package manager reports that the following files
contain executable stack sections[1]:

 * RWX --- --- usr/bin/chicken-bug
 * !WX --- --- usr/lib64/libuchickenchicken-4.1.0.tar.gz:apply-hack.x86-64.o
 * !WX --- --- usr/lib64/libchickenchicken-4.1.0.tar.gz:apply-hack.x86-64.o
 * RWX --- --- usr/lib64/libchicken.so
 * RWX --- --- usr/lib64/libuchicken.so

http://www.gentoo.org/proj/en/hardened/gnu-stack.xml indicates that at least the hacked-apply assembly files need to be patched.

Attachments (1)

non-exec-stack.diff.txt (779 bytes) - added by Jim Ursetto 10 years ago.
non-exec stack

Change History (5)

Changed 10 years ago by Jim Ursetto

Attachment: non-exec-stack.diff.txt added

non-exec stack

comment:1 Changed 10 years ago by Jim Ursetto

Looks like patching apply-hack.x86.s and apply-hack.x86-64.s does fix the issue according to scanelf/readelf from the pax-utils package.

comment:2 Changed 10 years ago by Jim Ursetto

FYI, prior to patch:

~/scheme/chicken-4$ scanelf -qe *
!WX --- ---  apply-hack.x86-64.o
RWX --- ---  chicken-boot
RWX --- ---  chicken-bug
RWX --- ---  libchicken.so
RWX --- ---  libuchicken.so

After patch and make:

~/scheme/chicken-4$ scanelf -qe *
RWX --- ---  chicken-boot

After make bootstrap:

~/scheme/chicken-4$ scanelf -qe *

comment:3 Changed 10 years ago by felix winkelmann

Resolution: fixed
Status: new → closed

Applied in r15484. Thanks for testing this.

comment:4 Changed 10 years ago by (none)

Milestone: 4.2.0

Milestone 4.2.0 deleted
