[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] emu: fix executable stack marking
|
From: |
Daniel Kiper |
|
Subject: |
Re: [PATCH] emu: fix executable stack marking |
|
Date: |
Thu, 5 Aug 2021 17:05:05 +0200 |
|
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Mon, Aug 02, 2021 at 05:40:57PM +0800, Michael Chang via Grub-devel wrote:
> The gcc by default assumes executable stack is required if the source
> object file doesn't have .note.GNU-stack section in place. If any of the
> source objects doesn't incorporate the GNU-stack note, the resulting
> program will have executable stack flag set in PT_GNU_STACK program
> header to instruct program loader or kernel to set up the exeutable
> stack when program loads to memory.
>
> Usually the .note.GNU-stack section will be generated by gcc
> automatically if it finds that executable stack is not required. However
> it doesn't take care of generating .note.GNU-stack section for those
> object files built from assembler sources. This leads to unnecessary
> risk of security of exploiting the executable stack because those
> assembler sources don't actually require stack to be executable to work.
>
> The grub-emu and grub-emu-lite are found to flag stack as executable
> revealed by execstack tool.
Did you test all executables for all supported architectures and platforms?
> $ mkdir -p build-emu && cd build-emu
> $ ../configure --with-platform=emu && make
> $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
> X grub-core/grub-emu
> X grub-core/grub-emu-lite
>
> This patch will add the missing GNU-stack note to the assembler source
> used by both utilities, therefore the result doesn't count on gcc
> default behavior and the executable stack is disabled.
>
> $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
> - grub-core/grub-emu
> - grub-core/grub-emu-lite
>
> Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel