Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Patch] add .note.GNU-stack to avoid generating binaries with executable stacks #4564

Closed
vicuna opened this issue Jun 9, 2008 · 4 comments
Closed
Assignees

Comments

@vicuna
Copy link

vicuna commented Jun 9, 2008

Original bug ID: 4564
Reporter: Richard Jones
Assigned to: @xavierleroy
Status: closed (set by @xavierleroy on 2010-04-29T12:25:55Z)
Resolution: fixed
Priority: normal
Severity: minor
Version: 3.11+dev
Category: back end (clambda to assembly)
Monitored by: jm

Bug description

As discussed on the list, ocamlopt generates binaries which run with
executable stacks. However this isn't necessary or desirable behaviour:
http://caml.inria.fr/pub/ml-archives/caml-list/2006/11/2678e935e05e0298cc2e5352b966c262.en.html

Attached to this bug report is a patch which adds the correct
note section to assembly files, both those generated by ocamlopt
and the parts of the runtime written in assembly.

I've only been able to test this on Linux/ELF. It's possible that
the patch breaks non-ELF platforms (are there any??) but with
any luck the meaningless section should just be ignored on these
platforms.

File attachments

@vicuna
Copy link
Author

vicuna commented Jun 9, 2008

Comment author: Richard Jones

Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=450551

@vicuna
Copy link
Author

vicuna commented Jun 9, 2008

Comment author: Richard Jones

Here's an updated patch which fixes the Mac OS X / x86 build issue.

I should explain a bit more about what this patch does. I had a useful link
before which explained everything but now I've lost it. Anyway:

Each object file generated by recent gcc is marked according to whether or
not it needs an executable stack. If the C file used a nested function (GCC
extension) then it needs a trampoline which uses an executable stack,
otherwise not. Finally the linker examines every object, and if they all
don't need a non-executable stack, the final binary is marked as
non-executable stack too. However if any object file needs an executable
stack, then the whole binary needs an executable stack.

For backwards compatibility, any unmarked object file is assumed to
need an executable stack.

So if ocamlopt doesn't mark its object files, then any ocamlopt
binaries get an executable stack by default.

Note that this is a security problem: any C object files linked in may
have buffer overflows. A non-executable stack is very desirable because
it prevents (some of) these overflows.

So how do we mark a file? By adding one of these lines to the
assembly code:

.section .note.GNU-stack,"",%progbits

or (if you do need an executable stack):

.section .note.GNU-stack,"x",%progbits

To see if a binary is linked to require an executable stack, use
readelf -l binary and look for 'RWE' in the GNU_STACK header.

@vicuna
Copy link
Author

vicuna commented Jun 9, 2008

Comment author: Richard Jones

Found that link:
http://gcc.gnu.org/ml/gcc-patches/2007-07/msg01155.html

and a few others of interest:
http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
http://en.wikipedia.org/wiki/NX_bit

@vicuna
Copy link
Author

vicuna commented Aug 1, 2008

Comment author: @xavierleroy

Thanks for the detailed explanations -- the Gentoo doc page was particularly informative. Since I'm of the prudent kind, I have so far added the "note" only for Linux/x86 and Linux/x86-64, the two Linux platforms where I can test myself. We'll see what to do for other platforms on a by-need basis.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants