Static FDPIC executable may get an executable stack even when it has
non-executable GNU_STACK segment. This happens when STACK segment has rw
permissions, but does not specify stack size. In that case FDPIC loader
uses permissions of the interpreter's stack, and for static executables
with no interpreter it results in choosing the arch-default permissions
for the stack.
Fix that by using the interpreter's properties only when the interpreter
is actually used.
Signed-off-by: Max Filippov <[email protected]>
---
fs/binfmt_elf_fdpic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index be4e7ac3efbc..f6d72fe3998c 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -322,7 +322,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
else
executable_stack = EXSTACK_DEFAULT;
- if (stack_size == 0) {
+ if (stack_size == 0 && interp_params.flags & ELF_FDPIC_FLAG_PRESENT) {
stack_size = interp_params.stack_size;
if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
executable_stack = EXSTACK_ENABLE_X;
--
2.39.2
Ping?
On Thu, Jan 18, 2024 at 7:07 AM Max Filippov <[email protected]> wrote:
>
> Static FDPIC executable may get an executable stack even when it has
> non-executable GNU_STACK segment. This happens when STACK segment has rw
> permissions, but does not specify stack size. In that case FDPIC loader
> uses permissions of the interpreter's stack, and for static executables
> with no interpreter it results in choosing the arch-default permissions
> for the stack.
>
> Fix that by using the interpreter's properties only when the interpreter
> is actually used.
>
> Signed-off-by: Max Filippov <[email protected]>
> ---
> fs/binfmt_elf_fdpic.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
> index be4e7ac3efbc..f6d72fe3998c 100644
> --- a/fs/binfmt_elf_fdpic.c
> +++ b/fs/binfmt_elf_fdpic.c
> @@ -322,7 +322,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
> else
> executable_stack = EXSTACK_DEFAULT;
>
> - if (stack_size == 0) {
> + if (stack_size == 0 && interp_params.flags & ELF_FDPIC_FLAG_PRESENT) {
> stack_size = interp_params.stack_size;
> if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
> executable_stack = EXSTACK_ENABLE_X;
> --
> 2.39.2
>
--
Thanks.
-- Max
On Thu, 18 Jan 2024 07:06:37 -0800, Max Filippov wrote:
> Static FDPIC executable may get an executable stack even when it has
> non-executable GNU_STACK segment. This happens when STACK segment has rw
> permissions, but does not specify stack size. In that case FDPIC loader
> uses permissions of the interpreter's stack, and for static executables
> with no interpreter it results in choosing the arch-default permissions
> for the stack.
>
> [...]
Applied to for-next/execve, thanks!
[1/1] fs: binfmt_elf_efpic: don't use missing interpreter's properties
https://git.kernel.org/kees/c/15fd1dc3dadb
Take care,
--
Kees Cook