oss-sec mailing list archives

Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions


From: Ramon de C Valle <rcvalle () live com>
Date: Tue, 23 Oct 2018 00:22:28 +0000

> This is already public because oss-security is a public mailing list.
>
> Most GNU/Linux distributions ensure that only very special binaries
> (such as some versions of the Ada compiler) enable executable stacks.
> In our experience, if the toolchain produces a binary that requests an
> executable stack, it is more likely due to manually written assembler
> files without the required stack executability markup section, and not
> due to nested C functions whose address escapes.  Without scanning built
> binaries for these discrepancies, such cases could easily be missed.
>
> Please also note that an executable stack is not a vulnerability itself,
> and it is not directly exploitable.  (The same applies to the lack of
> Intel CET support in binaries.)

While I agree with that, I still think that this extension (or its name) is
misleading, see https://lkml.org/lkml/2012/1/9/138. The PF_X flag set in the
PT_GNU_STACK segment header, or the absence of the PT_GNU_STACK segment
header, can result in an application unnoticeably having not only the stack
but all readable virtual memory mappings executable.

Ramon de C Valle
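The scan of built binaries mentioned above, as an added example that is not
part of this thread or of any participant's tooling: a small ELF program
header parser that reports whether a binary carries PT_GNU_STACK, whether
that header has PF_X set, or whether the header is missing altogether (the
case where the kernel default applies and, on legacy x86 kernels, the
READ_IMPLIES_EXEC personality makes every readable mapping executable;
Linux 5.8 stopped doing that for 64-bit x86 ELF). The verdict strings, the
build_elf64() helper and the sample images it produces are constructed for
this example; only the header layout and the PT_GNU_STACK/PF_X constants
come from the ELF and GNU ABI definitions.

```python
"""Scan ELF binaries for PT_GNU_STACK and report executable-stack requests.

Added example, not code from the oss-security thread.  Only the ELF header
and program headers are parsed; nothing from the binary is executed.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program-header type defined by the GNU ABI
PT_LOAD = 1
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

# Verdict strings returned by classify(); names chosen for this example.
STACK_RW = "PT_GNU_STACK present without PF_X: non-executable stack"
STACK_EXEC = "PT_GNU_STACK present with PF_X: executable stack requested"
STACK_MISSING = ("no PT_GNU_STACK: kernel default applies (executable stack; "
                 "legacy x86 kernels also enable READ_IMPLIES_EXEC)")


def gnu_stack_flags(data):
    """Return p_flags of the PT_GNU_STACK header, or None if it is absent.

    Handles ELF32 and ELF64 in either byte order and raises ValueError on
    input that is not a well-formed ELF image.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}.get(ei_data)
    if end is None:
        raise ValueError("unknown EI_DATA %d" % ei_data)
    if ei_class == 1:    # ELF32: 52-byte header, 32-byte phdrs, p_flags is field 6
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        phdr_fmt, flags_idx = end + "8I", 6
    elif ei_class == 2:  # ELF64: 64-byte header, 56-byte phdrs, p_flags is field 1
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        phdr_fmt, flags_idx = end + "IIQQQQQQ", 1
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    phdr_size = struct.calcsize(phdr_fmt)
    if e_phentsize < phdr_size:
        raise ValueError("e_phentsize too small")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + phdr_size > len(data):
            raise ValueError("program header table runs past end of file")
        fields = struct.unpack_from(phdr_fmt, data, off)
        if fields[0] == PT_GNU_STACK:
            return fields[flags_idx]
    return None


def classify(data):
    """Map the PT_GNU_STACK state of an ELF image to one of the verdicts."""
    flags = gnu_stack_flags(data)
    if flags is None:
        return STACK_MISSING
    return STACK_EXEC if flags & PF_X else STACK_RW


def build_elf64(phdrs):
    """Constructed test input: a minimal little-endian x86-64 ET_DYN image
    whose program-header table is exactly `phdrs`, a list of
    (p_type, p_flags).  Offsets and sizes are zero because only the
    headers are inspected."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 0)
                     for p_type, p_flags in phdrs)
    return ehdr + table


def scan_file(path):
    """Classify one on-disk ELF file."""
    with open(path, "rb") as f:
        return classify(f.read())


if __name__ == "__main__":
    # Usage: python scan_gnu_stack.py /path/to/binary ...
    for path in sys.argv[1:]:
        try:
            print("%s: %s" % (path, scan_file(path)))
        except (OSError, ValueError) as exc:
            print("%s: skipped (%s)" % (path, exc))
```

Running this over a distribution's installed binaries gives the same three
buckets a packager cares about: the normal RW case, binaries that explicitly
request PF_X (hand-written assembler without a .note.GNU-stack section, or
nested functions whose address escapes), and binaries with no PT_GNU_STACK
at all, which is the silent case the post warns about.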
