Re: [PATCH v2] execve: warn if process starts with executable stack
From: Dan Carpenter
Date: Fri Dec 13 2019 - 04:57:13 EST
On Fri, Dec 13, 2019 at 12:25:20AM +0300, Alexey Dobriyan wrote:
> On Wed, Dec 11, 2019 at 07:24:01PM +0100, Willy Tarreau wrote:
> > On Wed, Dec 11, 2019 at 09:19:33PM +0300, Alexey Dobriyan wrote:
> > > Reports are better be done by people who know what they are doing, as in
> > > understand what executable stack is and what does it mean in reality.
> > >
> > > > Otherwise it will just go to /dev/null with all warning about bad blocks
> > > > on USB sticks and CPU core throttling under high temperature.
> > >
> > > That's fine. You don't want bugreports from people who don't know what
> > > is executable stack. Every security bug bounty program is flooded by
> > > such people. This is why message is worded in a neutral way.
> > Well we definitely don't have the same experience with user reports. I
> > was just suggesting, but since you apparently already have all the
> > responses you needed, I'm even wondering why the warning remains.
> Willy, whatever instructions for users you have in mind must be
> different for different people. Developer should be told to add
> "-Wl,-z,noexecstack" and more. Regular user (define "regular") should be
> told to send bugreport if the program really needs executable stack
> which again splits into two situations: exec stack was added knowingly
> because it is some old program with lost source code or it was readded
> by mistake.
> "Complain to linux-kernel" is meaningless, kernel is not responsible.
> What the message is even supposed to say?
You could direct people to a website and then update the instructions