c - Stacks are executable even with `noexecstack`


I'm trying to protect my application against buffer overflow exploits. Among other things, I'm using non-executable stacks and link my binaries with the noexecstack flag (by passing -Wl,-z,noexecstack to gcc).

Everything seems fine - readelf confirms that PT_GNU_STACK specifies correct permissions:

    $ readelf -l target | grep -A1 GNU_STACK
      GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                     0x0000000000000000 0x0000000000000000  RW     10

So does execstack:

    $ execstack -q target
    - target

There's one problem. The stacks are executable:

    root@170ubuntu16p04-64smp-1:~# cat /proc/12878/task/*/maps | grep stack
    7ffcac654000-7ffcac675000 rwxp 00000000 00:00 0                          [stack]
    7fe540e66000-7fe541666000 rwxp 00000000 00:00 0                          [stack]
    7fe540665000-7fe540e65000 rwxp 00000000 00:00 0                          [stack]
    7fe53b800000-7fe53c000000 rwxp 00000000 00:00 0                          [stack]

I've trapped the allocate_stack calls and examined the protection flags. In theory, they should be initialized according to PT_GNU_STACK. In my case, it seems PT_GNU_STACK is ignored and _dl_stack_flags is initialized with default permissions.

Does anybody know what could have caused this? Everything seems correct, but the stacks are still executable.

I'm using gcc 4.8.3 / glibc 2.11.

What could have caused this?

In addition to the main executable's PT_GNU_STACK having correct permissions, you also need to have PT_GNU_STACK with correct permissions in every directly-linked shared library.

If one of these libraries does not have PT_GNU_STACK at all, or has one with executable permissions, that will "poison" all of the stacks with executable permission.

So run

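    # Check PT_GNU_STACK in every shared library that ldd resolves for the target
    for j in $(ldd target | grep -o '=> .* ' | sed -e 's/=> //' -e '/^ *$/d'); do
      out=$(readelf -Wl "$j" | grep STACK)
      # No PT_GNU_STACK header at all
      [[ -z "$out" ]] && echo "missing GNU_STACK in $j"
      # PT_GNU_STACK present but marked executable
      echo $out | grep -q RWE && echo "executable GNU_STACK in $j"
    done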

and you should see at least one library with a missing or executable stack.

P.S. I see Olaf has (partially) suggested this.
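The same per-file check without depending on readelf, as an added example that is not part of the original answer: it parses the ELF program headers directly and reports whether PT_GNU_STACK is missing, executable, or fine. The function names are this example's own, and `make_elf64` only builds constructed sample images.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type from the GNU ELF extensions
PF_X = 0x1                 # segment flag: executable

def gnu_stack_flags(image: bytes):
    """Return p_flags of PT_GNU_STACK, or None when the header is absent."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = image[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if image[5] == 1 else ">"     # EI_DATA: 1 = little endian
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", image, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 0x36)
    else:
        e_phoff, = struct.unpack_from(end + "I", image, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", image, off)
        if p_type == PT_GNU_STACK:
            # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32
            flags, = struct.unpack_from(end + "I", image, off + (4 if is64 else 24))
            return flags
    return None

def classify(image: bytes) -> str:
    flags = gnu_stack_flags(image)
    if flags is None:
        return "missing"        # no PT_GNU_STACK: the case the answer warns about
    return "executable" if flags & PF_X else "ok"

def make_elf64(ph_entries):
    """Constructed sample: minimal little-endian ELF64 header + program headers."""
    ehdr = bytearray(64)
    ehdr[:6] = b"\x7fELF\x02\x01"
    struct.pack_into("<Q", ehdr, 0x20, 64)                    # e_phoff
    struct.pack_into("<HH", ehdr, 0x36, 56, len(ph_entries))  # e_phentsize, e_phnum
    phdrs = b"".join(struct.pack("<II", t, f) + bytes(48) for t, f in ph_entries)
    return bytes(ehdr) + phdrs

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. the target plus every library ldd lists
        with open(path, "rb") as fh:
            print(f"{classify(fh.read())}: {path}")
```

Pass it the target and each library path from `ldd target`; any file reported as `missing` or `executable` is a candidate for the library that makes the stacks executable.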

