[patch] Adding stack markings to the x86 assembly for not using executable stack
Kees Cook
kees at ubuntu.com
Thu Aug 27 09:25:42 PDT 2009
Hi Andrew,
On Thu, Aug 27, 2009 at 12:04:07PM +0100, Andrew John Hughes wrote:
> 2009/8/27 Matthias Klose <doko at ubuntu.com>:
> > This was reported as https://edge.launchpad.net/bugs/409736
> >
> > Java is marked to have an executable stack[1]. This is potentially
> > dangerous, and is simply an oversight from one of the compiled assembly
> > files. Adding stack markings to the assembly solves the issue.
> >
> > sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java passes
> > both stock and and with non-exec-stack.
> >
> > gcc -fstack-protector is the default on Ubuntu. I'd like to see this patch
> > for the IcedTea 1.6 release as well.
> >
> > Matthias
> >
>
> I've heard about this issue before from Gentoo users and the fix, if
> it truly is this simple, would be good to have.
The question tends to be one of portability. In cases were non-gcc is
used, ifdef's need to be built around the flag line. I can provide some
examples, if needed.
> Are you sending this patch upstream? It would be good to have some
> feedback from the HotSpot developers before we commit this for a
> release.
>
> Does this affect SPARC too?
I'm not familiar with SPARC hardware, but if it supports "execute" memory
protections, then it is a valuable change there too. It it doesn't, it
won't hurt anything, IIUC.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the distro-pkg-dev
mailing list