Re: [PATCH v2] execve: warn if process starts with executable stack

From: Alexey Dobriyan
Date: Wed Dec 11 2019 - 02:22:33 EST

Next message: Dan Carpenter: "Re: [PATCH 1/2] staging: octeon: delete driver"
Previous message: Shawn Guo: "Re: [PATCH v2] ARM: dts: colibri-imx6ull: correct wrong pinmuxing and add comments"
In reply to: Andrew Morton: "Re: [PATCH v2] execve: warn if process starts with executable stack"
Next in thread: Willy Tarreau: "Re: [PATCH v2] execve: warn if process starts with executable stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 10, 2019 at 05:47:26PM -0800, Andrew Morton wrote:
> On Sun, 8 Dec 2019 20:19:18 +0300 Alexey Dobriyan <adobriyan@xxxxxxxxx> wrote:
>
> > There were few episodes of silent downgrade to an executable stack over
> > years:
> >
> > 1) linking innocent looking assembly file will silently add executable
> > stack if proper linker options is not given as well:
> >
> > $ cat f.S
> > .intel_syntax noprefix
> > .text
> > .globl f
> > f:
> > ret
> >
> > $ cat main.c
> > void f(void);
> > int main(void)
> > {
> > f();
> > return 0;
> > }
> >
> > $ gcc main.c f.S
> > $ readelf -l ./a.out
> > GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
> > 0x0000000000000000 0x0000000000000000 RWE 0x10
> > ^^^
> >
> > 2) converting C99 nested function into a closure
> > https://nullprogram.com/blog/2019/11/15/
> >
> > void intsort2(int *base, size_t nmemb, _Bool invert)
> > {
> > int cmp(const void *a, const void *b)
> > {
> > int r = *(int *)a - *(int *)b;
> > return invert ? -r : r;
> > }
> > qsort(base, nmemb, sizeof(*base), cmp);
> > }
> >
> > will silently require stack trampolines while non-closure version will not.
> >
> > Without doubt this behaviour is documented somewhere, add a warning so that
> > developers and users can at least notice. After so many years of x86_64 having
> > proper executable stack support it should not cause too many problems.
>
> hm, OK, let's give it a trial run.
>
> > --- a/fs/exec.c
> > +++ b/fs/exec.c
> > @@ -761,6 +761,11 @@ int setup_arg_pages(struct linux_binprm *bprm,
> > goto out_unlock;
> > BUG_ON(prev != vma);
> >
> > + if (unlikely(vm_flags & VM_EXEC)) {
> > + pr_warn_once("process '%pD4' started with executable stack\n",
> > + bprm->file);
> > + }
> > +
> > /* Move stack pages down in memory. */
> > if (stack_shift) {
> > ret = shift_arg_pages(vma, stack_shift);
>
> What are poor users supposed to do if this message comes out?
> Hopefully google the message and end up at this thread. What do you
> want to tell them?

Me? Nothing :-) They hopefully should file tickets against distros and ISV,
post egregious examples to oss-security.

Like they already do against this warning!
> ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored

Next message: Dan Carpenter: "Re: [PATCH 1/2] staging: octeon: delete driver"
Previous message: Shawn Guo: "Re: [PATCH v2] ARM: dts: colibri-imx6ull: correct wrong pinmuxing and add comments"
In reply to: Andrew Morton: "Re: [PATCH v2] execve: warn if process starts with executable stack"
Next in thread: Willy Tarreau: "Re: [PATCH v2] execve: warn if process starts with executable stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]