* How to make stack executable on demand?
From: H. J. Lu @ 2004-04-16 17:09 UTC
To: linux kernel

With the non-executable stack kernel, how can I make stack executable
on demand? If I set kernel with non-executable stack, only those
binaries marked with executable PT_GNU_STACK will have executable stack.
But a binary with non-executable PT_GNU_STACK may dlopen a DSO with
executable PT_GNU_STACK. The dynamic linker will try to make stack
executable with mprotect. But it will either fail if kernel is set with
non-executable stack, or be a no-op if kernel
is set with executable stack. Is there a third option that a process
starts with non-executable stack and can change the stack permission
later?

H.J.
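The PT_GNU_STACK marking the message above refers to is a program header whose p_flags carry (or omit) the execute bit, so it can be audited per binary and per DSO before anything is loaded. The following is an added example, not part of the thread: it classifies the marking of a little-endian ELF64 image in memory; the function names and the 120-byte sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PT_GNU_STACK 0x6474e551u  /* program header type that carries the stack marking */
#define PF_X         0x1u         /* execute bit in p_flags */
enum stack_mark { MARK_BAD_ELF = -1, MARK_NONE, MARK_NOEXEC, MARK_EXEC };

static uint64_t rd_le(const uint8_t *p, int n)    /* read n little-endian bytes */
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Classify the PT_GNU_STACK marking of a little-endian ELF64 image in memory. */
enum stack_mark gnu_stack_mark(const uint8_t *img, size_t len)
{
    if (len < 64 || memcmp(img, "\177ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return MARK_BAD_ELF;                      /* not ELF64 little-endian */
    uint64_t phoff = rd_le(img + 0x20, 8);        /* e_phoff */
    uint64_t entsz = rd_le(img + 0x36, 2), phnum = rd_le(img + 0x38, 2);
    if (entsz < 56 || phoff > len || phnum * entsz > len - phoff)
        return MARK_BAD_ELF;                      /* header table outside the image */
    for (uint64_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + i * entsz;
        if (rd_le(ph, 4) == PT_GNU_STACK)         /* p_type, then p_flags at +4 */
            return (rd_le(ph + 4, 4) & PF_X) ? MARK_EXEC : MARK_NOEXEC;
    }
    return MARK_NONE;                             /* object carries no marking */
}

/* Constructed sample: 120-byte image with one PT_GNU_STACK header. */
void make_sample(uint8_t img[120], uint32_t p_flags)
{
    memset(img, 0, 120);
    memcpy(img, "\177ELF\2\1\1", 7);  /* magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    img[0x20] = 64; img[0x36] = 56; img[0x38] = 1; /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        img[64 + i] = (uint8_t)(PT_GNU_STACK >> (8 * i));
        img[68 + i] = (uint8_t)(p_flags >> (8 * i));
    }
}

int main(void)
{
    uint8_t img[120];
    make_sample(img, 0x6);                        /* PF_R|PF_W */
    printf("rw-: %d\n", gnu_stack_mark(img, sizeof img));
    make_sample(img, 0x7);                        /* PF_R|PF_W|PF_X */
    printf("rwx: %d\n", gnu_stack_mark(img, sizeof img));
    return 0;
}
```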
* Re: How to make stack executable on demand?
From: Andreas Steinmetz @ 2004-04-16 18:07 UTC
To: H. J. Lu; +Cc: linux kernel

H. J. Lu wrote:
> is set with executable stack. Is there a third option that a process
> starts with non-executable stack and can change the stack permission
> later?
>

Well, in my opinion your request is equivalent to "keep all these cute
buffer overflows forever". Take any protected app, LD_PRELOAD or drop in
a bad/malicious library and you're done for good. Not really a good idea.
--
Andreas Steinmetz
SPAMmers use robotrap@domdv.de
* Re: How to make stack executable on demand?
From: H. J. Lu @ 2004-04-16 19:40 UTC
To: Andreas Steinmetz; +Cc: linux kernel

On Fri, Apr 16, 2004 at 08:07:30PM +0200, Andreas Steinmetz wrote:
> H. J. Lu wrote:
> >is set with executable stack. Is there a third option that a process
> >starts with non-executable stack and can change the stack permission
> >later?
> >
>
> Well, in my opinion your request is equivalent to "keep all these cute
> buffer overflows forever". Take any protected app, LD_PRELOAD or drop in
> a bad/malicious library and you're done for good. Not really a good idea.

The current scheme doesn't work too well. Linker doesn't combine
PT_GNU_STACK from DSO:

http://sources.redhat.com/ml/binutils/2004-04/msg00341.html

for a reason. It expects the dynamic linker to do that at the run-time,
which kernel won't allow. I am looking for a reasonable solution.

H.J.
* Re: How to make stack executable on demand?
From: Pavel Machek @ 2004-04-19 14:39 UTC
To: Andreas Steinmetz; +Cc: H. J. Lu, linux kernel

Hi!

> >is set with executable stack. Is there a third option that a process
> >starts with non-executable stack and can change the stack permission
> >later?
> >
>
> Well, in my opinion your request is equivalent to "keep all these
> cute buffer overflows forever". Take any protected app, LD_PRELOAD or
> drop in a bad/malicious library and you're done for good. Not really
> a good idea.

With malicious libraries, you have *way* bigger problems than buffer
overruns.
								Pavel
--
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms
* Re: How to make stack executable on demand?
From: Arjan van de Ven @ 2004-04-16 20:02 UTC
To: H. J. Lu; +Cc: linux kernel

> But it will either fail if
> kernel is set with non-executable stack,

eh no. mprotect with prot_exec is still supposed to work. The stacks
still have MAY_EXEC attribute, just not the actual EXEC attribute
* Re: How to make stack executable on demand?
From: H. J. Lu @ 2004-04-16 20:46 UTC
To: Arjan van de Ven; +Cc: linux kernel

On Fri, Apr 16, 2004 at 10:02:58PM +0200, Arjan van de Ven wrote:
> > But it will either fail if
> > kernel is set with non-executable stack,
>
> eh no. mprotect with prot_exec is still supposed to work. The stacks
> still have MAY_EXEC attribute, just not the actual EXEC attribute

Ok. It looks like a bug in Red Hat EL 3 kernel. In fs/exec.c, there
are

	if (executable_stack)
		mpnt->vm_flags = VM_STACK_FLAGS | VM_MAYEXEC | VM_EXEC;
	else
		mpnt->vm_flags = VM_STACK_FLAGS & ~(VM_MAYEXEC|VM_EXEC);

That is, if an executable is not marked with executable stack, the
VM_MAYEXEC bit is turned off. But 2.6.5-mm6 has

	if (unlikely(executable_stack == EXSTACK_ENABLE_X))
		mpnt->vm_flags = VM_STACK_FLAGS | VM_EXEC;
	else if (executable_stack == EXSTACK_DISABLE_X)
		mpnt->vm_flags = VM_STACK_FLAGS & ~VM_EXEC;
	else
		mpnt->vm_flags = VM_STACK_FLAGS;

The VM_MAYEXEC bit is untouched. Now the question is if it is a good
idea for user to change stack permission.

H.J.
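The difference between the two fs/exec.c variants quoted above comes down to whether VM_MAYEXEC survives, because mprotect() grants a permission bit only if the matching VM_MAY* bit is set. The following is an added userspace model, not code from the thread or from either kernel: the function names are hypothetical, and VM_STACK_FLAGS is a simplified stand-in for the arch-specific definition.

```c
#include <errno.h>
#include <stdio.h>

/* vm_flags bits (values from the kernel's include/linux/mm.h) */
#define VM_READ    0x01UL
#define VM_WRITE   0x02UL
#define VM_EXEC    0x04UL
#define VM_MAYEXEC 0x40UL   /* VM_MAY* bits sit four bits above their VM_* bits */
/* Assumption: simplified stand-in for the arch-specific VM_STACK_FLAGS
 * (rw- now; MAYREAD, MAYWRITE and MAYEXEC all set). */
#define VM_STACK_FLAGS (VM_READ | VM_WRITE | 0x10UL | 0x20UL | VM_MAYEXEC)
enum { EXSTACK_DEFAULT, EXSTACK_DISABLE_X, EXSTACK_ENABLE_X };

/* Policy from the Red Hat EL 3 fs/exec.c lines quoted in the thread. */
unsigned long stack_flags_el3(int executable_stack)
{
    if (executable_stack)
        return VM_STACK_FLAGS | VM_MAYEXEC | VM_EXEC;
    return VM_STACK_FLAGS & ~(VM_MAYEXEC | VM_EXEC);
}

/* Policy from the 2.6.5-mm6 lines quoted in the thread. */
unsigned long stack_flags_mm6(int executable_stack)
{
    if (executable_stack == EXSTACK_ENABLE_X)
        return VM_STACK_FLAGS | VM_EXEC;
    if (executable_stack == EXSTACK_DISABLE_X)
        return VM_STACK_FLAGS & ~VM_EXEC;
    return VM_STACK_FLAGS;
}

/* Model of the mprotect() permission test: every requested VM_* bit must
 * have its VM_MAY* bit set, otherwise the call fails with EACCES. */
int model_mprotect(unsigned long *vm_flags, unsigned long prot)
{
    unsigned long rwx = VM_READ | VM_WRITE | VM_EXEC;
    unsigned long newflags = (*vm_flags & ~rwx) | (prot & rwx);
    if ((newflags & ~(newflags >> 4)) & rwx)
        return -EACCES;
    *vm_flags = newflags;
    return 0;
}

int main(void)
{
    unsigned long el3 = stack_flags_el3(0), mm6 = stack_flags_mm6(EXSTACK_DISABLE_X);
    printf("EL3: %d\n", model_mprotect(&el3, VM_READ | VM_WRITE | VM_EXEC));
    printf("mm6: %d\n", model_mprotect(&mm6, VM_READ | VM_WRITE | VM_EXEC));
    return 0;
}
```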
* Re: How to make stack executable on demand?
From: Dave Jones @ 2004-04-16 20:57 UTC
To: H. J. Lu; +Cc: Arjan van de Ven, linux kernel

On Fri, Apr 16, 2004 at 01:46:51PM -0700, H. J. Lu wrote:
 > On Fri, Apr 16, 2004 at 10:02:58PM +0200, Arjan van de Ven wrote:
 > > > But it will either fail if
 > > > kernel is set with non-executable stack,
 > >
 > > eh no. mprotect with prot_exec is still supposed to work. The stacks
 > > still have MAY_EXEC attribute, just not the actual EXEC attribute
 >
 > Ok. It looks like a bug in Red Hat EL 3 kernel. In fs/exec.c, there

That version of exec-shield is quite dated. For the latest version,
look on http://people.redhat.com/mingo, or the Fedora kernels.

I'm pretty sure that Exec-shield isn't even enabled in the EL kernels
at this time, so it's quite out of date in respect to the others.

		Dave
* Re: How to make stack executable on demand?
From: Arjan van de Ven @ 2004-04-17 7:13 UTC
To: H. J. Lu; +Cc: linux kernel

On Fri, Apr 16, 2004 at 01:46:51PM -0700, H. J. Lu wrote:
> On Fri, Apr 16, 2004 at 10:02:58PM +0200, Arjan van de Ven wrote:
> > > But it will either fail if
> > > kernel is set with non-executable stack,
> >
> > eh no. mprotect with prot_exec is still supposed to work. The stacks
> > still have MAY_EXEC attribute, just not the actual EXEC attribute
>
> Ok. It looks like a bug in Red Hat EL 3 kernel. In fs/exec.c, there
> are
>
> 	if (executable_stack)
> 		mpnt->vm_flags = VM_STACK_FLAGS | VM_MAYEXEC | VM_EXEC;
> 	else
> 		mpnt->vm_flags = VM_STACK_FLAGS & ~(VM_MAYEXEC|VM_EXEC);

yep that's a bug

> The VM_MAYEXEC bit is untouched. Now the question is if it is a good
> idea for user to change stack permission.

it's required for correct operation and "security wise" it doesn't matter,
if someone can execute an mprotect syscall the game is over anyway
* Re: How to make stack executable on demand?
From: Jamie Lokier @ 2004-04-19 0:08 UTC
To: H. J. Lu; +Cc: Arjan van de Ven, linux kernel

H. J. Lu wrote:
> On Fri, Apr 16, 2004 at 10:02:58PM +0200, Arjan van de Ven wrote:
> > > But it will either fail if
> > > kernel is set with non-executable stack,
> >
> > eh no. mprotect with prot_exec is still supposed to work. The stacks
> > still have MAY_EXEC attribute, just not the actual EXEC attribute
>
> [...]
> The VM_MAYEXEC bit is untouched. Now the question is if it is a good
> idea for user to change stack permission.

You can create a new executable data area with mmap(), copy the stack
to it, unmap the stack, and mremap() to move the copy to where the
stack was.

The run time linker can do this if you're on a kernel where mprotect()
fails.

In other words, even those kernels which disable VM_MAYEXEC don't
protect against this alternative way of simulating mprotect(). There
is no point in them prohibiting it.

-- Jamie