Re: [PATCH] ELF: warn if process starts with executable stack

From: Ben Dooks
Date: Mon Nov 18 2019 - 12:13:46 EST

Next message: Sven Van Asbroeck: "Re: [PATCH v1 1/4] tps6105x: add optional devicetree support"
Previous message: Giovanni Mascellani: "[PATCH v4 2/2] dell-smm-hwmon: Add documentation"
In reply to: Alexey Dobriyan: "[PATCH] ELF: warn if process starts with executable stack"
Next in thread: Andrew Morton: "Re: [PATCH] ELF: warn if process starts with executable stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 18/11/2019 14:51, Alexey Dobriyan wrote:

PT_GNU_STACK is fail open design, at least warn people that something
isn't right.

Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
---

fs/exec.c | 7 +++++++
1 file changed, 7 insertions(+)

--- a/fs/exec.c
+++ b/fs/exec.c
@@ -762,6 +762,13 @@ int setup_arg_pages(struct linux_binprm *bprm,
goto out_unlock;
BUG_ON(prev != vma);

it might be worth to use:
if (IS_ENABLED(CONFIG_MMU) && vm_flags & VM_EXEC) {

instead of the #ifdef

+#ifdef CONFIG_MMU
+ if (vm_flags & VM_EXEC) {
+ pr_warn_once("process '%s'/%u started with executable stack\n",
+ current->comm, current->pid);
+ }
+#endif
+
/* Move stack pages down in memory. */
if (stack_shift) {
ret = shift_arg_pages(vma, stack_shift);

--
Ben Dooks http://www.codethink.co.uk/
Senior Engineer Codethink - Providing Genius

https://www.codethink.co.uk/privacy.html

Next message: Sven Van Asbroeck: "Re: [PATCH v1 1/4] tps6105x: add optional devicetree support"
Previous message: Giovanni Mascellani: "[PATCH v4 2/2] dell-smm-hwmon: Add documentation"
In reply to: Alexey Dobriyan: "[PATCH] ELF: warn if process starts with executable stack"
Next in thread: Andrew Morton: "Re: [PATCH] ELF: warn if process starts with executable stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]