grub-devel

Re: [PATCH] emu: fix executable stack marking


From: Michael Chang
Subject: Re: [PATCH] emu: fix executable stack marking
Date: Mon, 9 Aug 2021 13:05:12 +0800
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Aug 05, 2021 at 05:05:05PM +0200, Daniel Kiper wrote:
> On Mon, Aug 02, 2021 at 05:40:57PM +0800, Michael Chang via Grub-devel wrote:
> > The gcc by default assumes executable stack is required if the source
> > object file doesn't have .note.GNU-stack section in place. If any of the
> > source objects doesn't incorporate the GNU-stack note, the resulting
> > program will have executable stack flag set in PT_GNU_STACK program
> > header to instruct program loader or kernel to set up the executable
> > stack when program loads to memory.
> >
> > Usually the .note.GNU-stack section will be generated by gcc
> > automatically if it finds that executable stack is not required. However
> > it doesn't take care of generating .note.GNU-stack section for those
> > object files built from assembler sources. This leads to unnecessary
> > risk of security of exploiting the executable stack because those
> > assembler sources don't actually require stack to be executable to work.
> >
> > The grub-emu and grub-emu-lite are found to flag stack as executable
> > revealed by execstack tool.
> 
> Did you test all executables for all supported architectures and platforms?

No. But the test should cover grub executables on as many platforms as
possible as follows.

 i386-pc
 i386-efi
 x86_64-efi
 powerpc-ieee1275
 arm64-efi
 x86_64-xen
 x86_64-emu
 arm64-emu

> >  $ mkdir -p build-emu && cd build-emu
> >  $ ../configure --with-platform=emu && make
> >  $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
> >  X grub-core/grub-emu
> >  X grub-core/grub-emu-lite
> >
> > This patch will add the missing GNU-stack note to the assembler source
> > used by both utilities, therefore the result doesn't count on gcc
> > default behavior and the executable stack is disabled.
> >
> >  $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
> >  - grub-core/grub-emu
> >  - grub-core/grub-emu-lite
> >
> > Signed-off-by: Michael Chang <mchang@suse.com>
> 
> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Thanks for reviewing the patch.

Regards,
Michael

> 
> Daniel
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
