On Fri, Apr 9, 2021 at 3:46 PM Laurent Bercot <ska-skaw...@skarnet.org> wrote:
>   Oh! That's interesting

Interesting, and very nasty:

"Fail open design

Since this is the default, the only way to get a non-executable stack
is if every object file input to the linker explicitly declares that
it does not need an executable stack. To request a non-executable
stack, an object file must contain the (empty) section
.note.GNU-stack. If even a single object file fails to do this, then
the final program gets an executable stack.

Not only does one contaminated object file infect the binary,
everything dynamically linked with it also gets an executable stack.
Entire processes are infected! This occurs even via dlopen(), where
the stack is dynamically made executable to accomodate the new shared

Infectious Executable Stacks

Reply via email to