Bug#543451: needlessly executable stack
On Mon, 24-08-2009 at 19:04 -0700, Kees Cook wrote:
> It seems that john is built (in some situation) against assembly code that
> lacks stack markings[1]. This results in the entire program being built with
> an executable stack. The attached patch solves this by adding a default
> ASFLAGS option to turn off executable stacks when assembling.

Thanks a lot Kees! Will test it :)

Ruben
Bug#543451: needlessly executable stack
Hi Kees,

On Mon, Aug 24, 2009 at 07:04:01PM -0700, Kees Cook wrote:
> It seems that john is built (in some situation) against assembly code that
> lacks stack markings[1]. This results in the entire program being built with
> an executable stack. The attached patch solves this by adding a default
> ASFLAGS option to turn off executable stacks when assembling.

Yes, I am aware of this issue - for some years now, in fact. I did not fix it yet because I was worried that the proposed fixes would break portability to some older and/or non-Linux systems, and I did not have time to check (had more important stuff to do).

Well, I checked the .section approach as used by Gentoo on an 11-year-old Linux system just recently - and it worked (in the sense that it did not break the compile). So I think I will just use it with a proper #ifdef.

As to the ASFLAGS change, it does break things on this same ancient system:

    gcc -c -Wa,--noexecstack x86.S
    /usr/i486-linux/bin/as: unrecognized option `--noexecstack'
    GNU assembler version 980303 (i586-linux), using BFD version 2.8.1.0.23

Meanwhile, it is up to you to choose any of these approaches for the Debian and Ubuntu packages.

On a related note, I think that exec-shield lacks an enforcing mode (sysctl'able) where it would ignore those flags, because most binaries that it treats as potentially requiring executable stack actually don't.

Thanks,

Alexander

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#543451: needlessly executable stack
Hi Alexander,

On Tue, Aug 25, 2009 at 04:52:06PM +0400, Solar Designer wrote:
> On Mon, Aug 24, 2009 at 07:04:01PM -0700, Kees Cook wrote:
> > It seems that john is built (in some situation) against assembly code that
> > lacks stack markings[1]. This results in the entire program being built with
> > an executable stack. The attached patch solves this by adding a default
> > ASFLAGS option to turn off executable stacks when assembling.
>
> Yes, I am aware of this issue - for some years now, in fact. I did not fix
> it yet because I was worried that the proposed fixes would break portability
> to some older and/or non-Linux systems, and I did not have time to check
> (had more important stuff to do).
>
> Well, I checked the .section approach as used by Gentoo on an 11-year-old
> Linux system just recently - and it worked (in the sense that it did not
> break the compile). So I think I will just use it with a proper #ifdef.

Ah, perfect. Generally it's up in the air which is better (ifdef'ing each .s file, or a version-sensitive ASFLAGS). Thanks for looking into it!

> Meanwhile, it is up to you to choose any of these approaches for the Debian
> and Ubuntu packages.

Sure thing. Since we've already got specific versions of compilers, I think ASFLAGS is the smallest patch, so we'll probably keep that until we pull the exec-stack-fixed version of john. :)

> On a related note, I think that exec-shield lacks an enforcing mode
> (sysctl'able) where it would ignore those flags, because most binaries that
> it treats as potentially requiring executable stack actually don't.

Well, the memory-protection bits are mainline (not part of the exec-shield patches), but yes, the ELF loader non-optionally sets the memory protections based on GNU_STACK flags.

-Kees

--
kees Cook@debian.org
Bug#543451: needlessly executable stack
Package: john
Version: 1.7.2-3
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

Hello!

It seems that john is built (in some situation) against assembly code that lacks stack markings[1]. This results in the entire program being built with an executable stack. The attached patch solves this by adding a default ASFLAGS option to turn off executable stacks when assembling.

Thanks!

-Kees

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

--
Kees Cook@debian.org

diff -u john-1.7.2/debian/patches/series john-1.7.2/debian/patches/series --- john-1.7.2/debian/patches/series +++ john-1.7.2/debian/patches/series @@ -8,0 +9 @@ +10-nonexec_stack.patch only in patch2: unchanged: --- john-1.7.2.orig/debian/patches/10-nonexec_stack.patch +++ john-1.7.2/debian/patches/10-nonexec_stack.patch @@ -0,0 +1,16 @@ +Description: disable executable stack assumption when compiling. +Ubuntu: https://launchpad.net/bugs/418393 + +Index: john-1.7.2/src/Makefile +=== +--- john-1.7.2.orig/src/Makefile 2009-08-24 18:53:57.0 -0700 john-1.7.2/src/Makefile 2009-08-24 18:54:07.0 -0700 +@@ -16,7 +16,7 @@ + NULL = /dev/null + CPPFLAGS = -E + CFLAGS = -c -Wall -O2 -fomit-frame-pointer +-ASFLAGS = -c ++ASFLAGS = -c -Wa,--noexecstack + LDFLAGS = -s + LIBS = -lcrypto + OPT_NORMAL = -funroll-loops
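Review bot: `-Wa,--noexecstack` is added to the default `ASFLAGS` in src/Makefile unconditionally, so every make target now depends on an assembler that accepts the option; the reply in this thread shows GNU assembler 980303 (BFD 2.8.1.0.23) rejecting it with "unrecognized option". That is workable for a distribution package built with a known toolchain, but the dependency should be stated in the patch Description, and a post-build check that the john binary's GNU_STACK segment lacks the execute flag would confirm the marking reached every assembled object. Where portability matters, a guarded `.note.GNU-stack` section in each .S file, as mentioned in the thread, avoids relying on the assembler option.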