Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1317814ybt; Thu, 25 Jun 2020 03:12:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxm6QdEtFuaHqrGsy6e9eBWIT0enSWnyt3Y/HKmW+6N6wrQH4JElpKGCsn+vrLI2e2azB9O X-Received: by 2002:aa7:c607:: with SMTP id h7mr31746305edq.214.1593079950073; Thu, 25 Jun 2020 03:12:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593079950; cv=none; d=google.com; s=arc-20160816; b=Y2n/U3YZBALTEbE9nIT09F+JUxaJo5vm009+wWU6Zy+MXptL8hrSLv7b5i0QU738IB esa6FJTMgAEomft+FO+OeSJAGNCA8OAmsY43G4052nmjRtiIwGEwkyeISMsYqJYyqE+Y UMPKDfhP6JT5fX5WYPVdrDUiSCyloqEBNSd7A2S+QrVcKMLuXi0YGs/Tfa6vZOb6jdmg 4LiLbBeOk5YqQyzoBzTPsbirEaK22dOrAxaoKPVn/zSYyN7Tu8/A9FwdDA2wksyntGzt ee3N1Gx72gR4jO60hIALFPAps7+mgFW74HnwN66FlGHXRrvqrGn+6SnNONktCPWyPiV5 rv1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=rtWVb/DasMEwTb3euQBD1fXSHM6/TSZdxpSwwI2jZHQ=; b=G+UWtKGc7kfQlXPxXMNo9+RxpPh9UCbr6QiyNy3weO0ptMnOI5/bwAdMXmZb/EKjrC tysOgXLiDBw0p5BnuUy16sbzU0gT2MTF1E91Kd/HlZprTd4C1VTiHvsw705ndolZa0Zx kRA05TuyNkQwKBjnDLXxrw3XMSsyVRe1iFUCEvLPKUFj5KwO178vgYxVzl9EGmuEUfBs YgYlLYg7GZsgMKnEDVaG8QLRU0/dugEe1X8gy1FBfO2ZH6bcrvRQPGfKVK1KJyQbwNhO 7faTMl5GhzLhJ1plvk7NxkwjAfwy/wvfA532QpcTMc7c1VJSWqdBHWJMVBeO5r6LrieJ 7W0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=mZnJNcIm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dt12si21888187ejc.46.2020.06.25.03.12.06; Thu, 25 Jun 2020 03:12:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=mZnJNcIm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390862AbgFYKFR (ORCPT + 99 others); Thu, 25 Jun 2020 06:05:17 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:59722 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403848AbgFYKFP (ORCPT ); Thu, 25 Jun 2020 06:05:15 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 05PA2ko9068025; Thu, 25 Jun 2020 10:04:44 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2020-01-29; bh=rtWVb/DasMEwTb3euQBD1fXSHM6/TSZdxpSwwI2jZHQ=; b=mZnJNcImvuACO+tTVXCHlb9fLzhsxBOpK0N5zJenM9AuUZ3gzj5H6EhZUvUHOBzeLyLF 6rvJSlUT62O6VHdLkZoQqcwPGgCgVUDqVAGPZbI1xUNw7zeAk+HQnVg/tCzkqhNshlUv 60EVIeouzi+ptiE3UiBmCkYXrIHm8K2Sd3+KRMMmhVd3z7hEAtQmL3XyFYmrM6gl6sza kr3EDbE6nqt909x5UgZKRiqIOMvURcuUD2qsduJKgNcvxWZTv3oGLr0Nb5FJpWF2MF8y f9sGj/aJNMCEohiadMpcagRXfO1XBfrTAaGkbijUDhufhl9Llu6laJWhSN7OnbykK5Sy Ew== Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2130.oracle.com with ESMTP id 31uut5qkvc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 25 Jun 2020 10:04:44 +0000 Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 05PA3vE5054503; Thu, 25 Jun 2020 10:04:44 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserp3030.oracle.com with ESMTP id 31uur10qht-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 25 Jun 2020 10:04:43 +0000 Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 05PA4b96012742; Thu, 25 Jun 2020 10:04:38 GMT Received: from kadam (/41.57.98.10) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 25 Jun 2020 10:04:36 +0000 Date: Thu, 25 Jun 2020 13:04:29 +0300 From: Dan Carpenter To: Kees Cook Cc: Christian Kujau , Alexey Dobriyan , Andrew Morton , Willy Tarreau , linux-kernel@vger.kernel.org Subject: Re: process '/usr/bin/rsync' started with executable stack Message-ID: <20200625100429.GB2571@kadam> References: <20200624165148.GD31008@kadam> <202006241238.E9CB1CE85B@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202006241238.E9CB1CE85B@keescook> User-Agent: Mutt/1.9.4 (2018-02-28) X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9662 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 mlxlogscore=999 adultscore=0 mlxscore=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006250062 X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9662 signatures=668680 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 clxscore=1015 lowpriorityscore=0 bulkscore=0 adultscore=0 spamscore=0 suspectscore=0 phishscore=0 impostorscore=0 cotscore=-2147483648 priorityscore=1501 mlxscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2006250062 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 24, 2020 at 12:39:24PM -0700, Kees Cook wrote: > On Wed, Jun 24, 2020 at 07:51:48PM +0300, Dan Carpenter wrote: > > In Debian testing the initrd triggers the warning. > > > > [ 34.529809] process '/usr/bin/fstype' started with executable stack > > Where does fstype come from there? I am going to guess it is either > busybox or linked against klibc? > > klibc has known problems with executable stacks due to its trampoline > implementation: > https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks Yeah. It comes from klibc-utils. regards, dan carpenter