how to determine if the noexec stack is defined by an application
Florin Andrei
http://people.redhat.com/mingo/nx-patches/QuickStart-NX.txt
Quote:
"If an application defines a noexec stack then the kernel will enforce
this executability, and all attempts to execute on the stack will be
prevented by the hardware."
My question is related to the conditional "if an application". So it
looks like it depends on the app.
Now, the OS/hardware combination that I'm using (RHEL4 WS 32 bit on
AMD64 CPU - long story, don't ask) definitely enables NX:
# grep -i nx /var/log/dmesg
NX (Execute Disable) protection: active
But it's running a Web service which is a combination of C code and
Tomcat/Java. I have no clue how to determine which portions specify a
noexec stack and which don't.
In case it turns out some portions do not specify a noexec stack, my
next question is how to get the application to create a noexec stack
(assume I can make that request to the developers).
(please do NOT Cc me, I'm subscribed to the list)
--
Florin Andrei
http://florin.myip.org/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Arjan van de Ven
> But it's running a Web service which is a combination of C code and
> Tomcat/Java. I have no clue how to determine which portions specify a
> noexec stack and which don't.
>
> In case it turns out some portions do not specify a noexec stack, my
> next question is how to get the application to create a noexec stack
> (assume I can make that request to the developers).
like this:
$ eu-readelf -l /bin/true | grep STACK
GNU_STACK 0x000000 0x00000000 0x00000000 0x000000 0x000000 RW 0x4
(replace /bin/true with the binary or library you want to check)
if it says "RW" like here, it'll have non-executable stack. If it says
"RWX" or if this line is absent entirely, the stack will be executable.
Andreas Schwab
> like this:
>
> $ eu-readelf -l /bin/true | grep STACK
> GNU_STACK 0x000000 0x00000000 0x00000000 0x000000 0x000000 RW 0x4
>
>
> (replace /bin/true with the binary or library you want to check)
>
> if it says "RW" like here, it'll have non-executable stack. If it says
> "RWX" or if this line is absent entirely, the stack will be executable.
The last part is not true. Some architectures (especially newer ones)
default to non-exec stack. The absense of a GNU_STACK header represents
the default.
Andreas.
--
Andreas Schwab, SuSE Labs, sch...@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
Arjan van de Ven
> Arjan van de Ven <ar...@infradead.org> writes:
>
> > like this:
> >
> > $ eu-readelf -l /bin/true | grep STACK
> > GNU_STACK 0x000000 0x00000000 0x00000000 0x000000 0x000000 RW 0x4
> >
> >
> > (replace /bin/true with the binary or library you want to check)
> >
> > if it says "RW" like here, it'll have non-executable stack. If it says
> > "RWX" or if this line is absent entirely, the stack will be executable.
>
> The last part is not true. Some architectures (especially newer ones)
> default to non-exec stack. The absense of a GNU_STACK header represents
> the default.
ok you're right; powerpc64 defaults to non-executable stack
(all others default to executable stack)
--
if you want to mail me at work (you don't), use arjan (at) linux.intel.com
Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org
Andreas Schwab
> (all others default to executable stack)
Except ia64.
Andreas.
--
Andreas Schwab, SuSE Labs, sch...@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
Arjan van de Ven
> Arjan van de Ven <ar...@infradead.org> writes:
>
> > (all others default to executable stack)
>
> Except ia64.
for ia64 it depends on the personality actually .. just to make it more
complex.
--
if you want to mail me at work (you don't), use arjan (at) linux.intel.com
Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org
-
Florin Andrei
>> But it's running a Web service which is a combination of C code and
>> Tomcat/Java. I have no clue how to determine which portions specify a
>> noexec stack and which don't.
>
>
> $ eu-readelf -l /bin/true | grep STACK
> GNU_STACK 0x000000 0x00000000 0x00000000 0x000000 0x000000 RW 0x4
Is Sun Java 1.5 a known exception - as an application that doesn't set a
noexec stack and reverts to default?
# eu-readelf -l ./java | grep STACK | wc -l
0
But then, this bug report seems to indicate otherwise, if I'm reading it
correctly:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5051381
--
Florin Andrei
Arjan van de Ven
> Arjan van de Ven wrote:
> >> But it's running a Web service which is a combination of C code and
> >> Tomcat/Java. I have no clue how to determine which portions specify a
> >> noexec stack and which don't.
> >
> > like this:
> >
> > $ eu-readelf -l /bin/true | grep STACK
> > GNU_STACK 0x000000 0x00000000 0x00000000 0x000000 0x000000 RW 0x4
>
> Is Sun Java 1.5 a known exception - as an application that doesn't set a
> noexec stack and reverts to default?
>
> # eu-readelf -l ./java | grep STACK | wc -l
> 0
>
> But then, this bug report seems to indicate otherwise, if I'm reading it
> correctly:
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5051381
that's not a mainline kernel; and I don't rule out that early RHEL3
versions had a 64/32 bug in this area
>
--
if you want to mail me at work (you don't), use arjan (at) linux.intel.com
Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org
-