[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug ld/29072] New: ld silently make the program stack area executable i
From: |
rui314 at gmail dot com |
Subject: |
[Bug ld/29072] New: ld silently make the program stack area executable if nested function is used |
Date: |
Tue, 19 Apr 2022 09:40:56 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=29072
Bug ID: 29072
Summary: ld silently make the program stack area executable if
nested function is used
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: rui314 at gmail dot com
Target Milestone: ---
GCC's nested function
(https://gcc.gnu.org/onlinedocs/gcc/Nested-Functions.html) depends on the
executable stack, so the feature has a huge implication on a generated
program's security. Essentially, using the nested function feature makes the
entire program vulnerable to a simple buffer overflow attack.
GNU ld makes the stack area executable if at least one object file contains a
`.note.GNU-stack` section with `SHF_EXECINSTR`. GCC emits such section if the
nested function feature is used.
I think this surprises users. If you link against an object file that contains
such note section, the program's entire executable becomes executable without
any notice. Frankly, this looks very dangerous to me.
Can we make a change to GNU ld so that it at least print out a warning message
for the executable stack? If a user explicitly requests the executable stack by
passing `-z execstack`, then we can mute the warning.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug ld/29072] New: ld silently make the program stack area executable if nested function is used,
rui314 at gmail dot com <=
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, mliska at suse dot cz, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, address@hidden, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, nickc at redhat dot com, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, address@hidden, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, rui314 at gmail dot com, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, nickc at redhat dot com, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, ian at airs dot com, 2022/04/19
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, nickc at redhat dot com, 2022/04/20
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, cvs-commit at gcc dot gnu.org, 2022/04/20
- [Bug ld/29072] ld silently make the program stack area executable if nested function is used, nickc at redhat dot com, 2022/04/20