[patch] Adding stack markings to the x86 assembly for not using executable stack
Kees Cook
kees at ubuntu.com
Thu Aug 27 09:22:35 PDT 2009
Hi,
On Thu, Aug 27, 2009 at 12:55:55PM +0200, Matthias Klose wrote:
> This was reported as https://edge.launchpad.net/bugs/409736
>
> Java is marked to have an executable stack[1]. This is potentially
> dangerous, and is simply an oversight from one of the compiled
> assembly files. Adding stack markings to the assembly solves the
> issue.
>
> sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java
> passes both stock and and with non-exec-stack.
>
> gcc -fstack-protector is the default on Ubuntu. I'd like to see this
> patch for the IcedTea 1.6 release as well.
Just to clarify: these stack markings have to do with the memory
protections[1] for every Java's invocation (and is not related to
-fstack-protector). For systems with NX hardware (or NX-emulation patches)
this improves the overall security in Java against exploitable of memory
corruption bugs.
If these patches are not okay, we can also set ASFLAGS to include
"-Wa,--noexecstack".
Thanks,
-Kees
[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
--
Kees Cook
Ubuntu Security Team
More information about the distro-pkg-dev
mailing list