Displaying 20 results from an estimated 29 matches for "execstack".
2014 May 02
4
[PATCH] tests: simple test for execstack supermin
Add a simple test which uses scanelf or readelf to detect whether the
supermin executable is really not executable.
Kind of followup of commit c9f7a7998021e1cbe22a8ec325d43e2bdc3eff5a.
---
tests/Makefile.am | 1 +
tests/test-execstack.sh | 32 ++++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100755 tests/test-execstack.sh
diff --git a/tests/Makefile.am b/tests/Makefile.am
index dc73737..4dc5958 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -23,6 +23,7 @@ EXTRA_DIST = \
TESTS = \
t...
2007 May 30
2
Centos 5 OpenVPN / SElinux
...1 kernel: audit(1180381151.395:12): avc:
denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs
ino=1396 scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=fd
May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.458:13): avc:
denied { execstack } for pid=3012 comm="openvpn"
scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:system_r:openvpn_t:s0 tclass=process
May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.465:14): avc:
denied { use } for pid=3014 comm="openvpn" name="null" dev=tmpfs
ino=1396 s...
2020 Jul 25
0
[klibc:master] Kbuild: Fix the compiler execstack option
...c/klibc.git;a=commit;h=1147f916daac11afee085bd0e94471d9346a0965
Author: Ben Hutchings <ben at decadent.org.uk>
AuthorDate: Sat, 25 Jul 2020 20:41:37 +0100
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Sat, 25 Jul 2020 20:45:29 +0100
[klibc] Kbuild: Fix the compiler execstack option
The compiler driver does not add any dashes to the options
given to -Wa, so we need to use either -Wa,--execstack or
-Wa,--noexecstack.
(I had this working some time ago, so I don't know how I ended up
committing the broken version.)
Signed-off-by: Ben Hutchings <ben at decadent.or...
2020 Jul 25
0
[klibc:execstack-fixes] s390: Set sa_restorer for signals and disable executable stack
...bc/arch/s390/MCONFIG
index c36acd7a..7ffbcc45 100644
--- a/usr/klibc/arch/s390/MCONFIG
+++ b/usr/klibc/arch/s390/MCONFIG
@@ -22,6 +22,5 @@ endif
KLIBCASMARCH = s390
KLIBCSHAREDFLAGS = -Ttext-segment 0x40000000
-# Kernel uses stack trampoline for signal return unless we set
-# sa_restorer
-KLIBCEXECSTACK := y
+# Kernel uses our sa_restorer for signal return
+KLIBCEXECSTACK := n
2020 Jul 25
0
[klibc:execstack-fixes] sparc: Set sa_restorer for signals and disable executable stack
...arc/MCONFIG
+++ b/usr/klibc/arch/sparc/MCONFIG
@@ -18,6 +18,5 @@ KLIBCARCHREQFLAGS += -D__sparc32__
# and call instructions have a 30-bit signed offset, << 2.
KLIBCSHAREDFLAGS = -Ttext-segment 0x40000000
-# Kernel uses stack trampoline for signal return unless we set
-# sa_restorer
-KLIBCEXECSTACK := y
+# Kernel uses our sa_restorer for signal return
+KLIBCEXECSTACK := n
2020 Aug 20
0
[klibc:execstack-fixes] s390: Set sa_restorer for signals and disable executable stack
...bc/arch/s390/MCONFIG
index c36acd7a..7ffbcc45 100644
--- a/usr/klibc/arch/s390/MCONFIG
+++ b/usr/klibc/arch/s390/MCONFIG
@@ -22,6 +22,5 @@ endif
KLIBCASMARCH = s390
KLIBCSHAREDFLAGS = -Ttext-segment 0x40000000
-# Kernel uses stack trampoline for signal return unless we set
-# sa_restorer
-KLIBCEXECSTACK := y
+# Kernel uses our sa_restorer for signal return
+KLIBCEXECSTACK := n
2020 Aug 20
0
[klibc:execstack-fixes] sparc: Set sa_restorer for signals and disable executable stack
...arc/MCONFIG
+++ b/usr/klibc/arch/sparc/MCONFIG
@@ -18,6 +18,5 @@ KLIBCARCHREQFLAGS += -D__sparc32__
# and call instructions have a 30-bit signed offset, << 2.
KLIBCSHAREDFLAGS = -Ttext-segment 0x40000000
-# Kernel uses stack trampoline for signal return unless we set
-# sa_restorer
-KLIBCEXECSTACK := y
+# Kernel uses our sa_restorer for signal return
+KLIBCEXECSTACK := n
2020 Jul 25
0
[klibc:execstack-fixes] alpha: Set sa_restorer for signals and disable executable stack
...pha/MCONFIG
index 072adb85..e71db264 100644
--- a/usr/klibc/arch/alpha/MCONFIG
+++ b/usr/klibc/arch/alpha/MCONFIG
@@ -15,6 +15,5 @@ KLIBCBITSIZE = 64
# the binary.
KLIBCSHAREDFLAGS = -Ttext-segment 0x1c0000000
-# Kernel uses stack trampoline for signal return unless we set
-# sa_restorer
-KLIBCEXECSTACK := y
+# Kernel uses our sa_restorer for signal return
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/alpha/sigreturn.S b/usr/klibc/arch/alpha/sigreturn.S
new file mode 100644
index 00000000..02aba9c5
--- /dev/null
+++ b/usr/klibc/arch/alpha/sigreturn.S
@@ -0,0 +1,16 @@
+/*
+ * arch/alpha/sigretur...
2020 Aug 20
0
[klibc:execstack-fixes] alpha: Set sa_restorer for signals and disable executable stack
...pha/MCONFIG
index 072adb85..e71db264 100644
--- a/usr/klibc/arch/alpha/MCONFIG
+++ b/usr/klibc/arch/alpha/MCONFIG
@@ -15,6 +15,5 @@ KLIBCBITSIZE = 64
# the binary.
KLIBCSHAREDFLAGS = -Ttext-segment 0x1c0000000
-# Kernel uses stack trampoline for signal return unless we set
-# sa_restorer
-KLIBCEXECSTACK := y
+# Kernel uses our sa_restorer for signal return
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/alpha/sigreturn.S b/usr/klibc/arch/alpha/sigreturn.S
new file mode 100644
index 00000000..95415edd
--- /dev/null
+++ b/usr/klibc/arch/alpha/sigreturn.S
@@ -0,0 +1,16 @@
+/*
+ * arch/alpha/sigretur...
2018 Aug 21
7
[lld] avoid emitting PLT entries for ifuncs
...ble retpoline at boot time.
It could also be useful for implementing static DTrace trace points.
Thanks,
-Mark
diff --git a/ELF/Config.h b/ELF/Config.h
index 5dc7f5321..b5a3d3266 100644
--- a/ELF/Config.h
+++ b/ELF/Config.h
@@ -182,6 +182,7 @@ struct Configuration {
bool ZCopyreloc;
bool ZExecstack;
bool ZHazardplt;
+ bool ZIfuncnoplt;
bool ZInitfirst;
bool ZKeepTextSectionPrefix;
bool ZNodelete;
diff --git a/ELF/Driver.cpp b/ELF/Driver.cpp
index aced1edca..e7896cedf 100644
--- a/ELF/Driver.cpp
+++ b/ELF/Driver.cpp
@@ -340,7 +340,8 @@ static bool getZFlag(opt::InputArgList &A...
2015 Apr 02
2
Re: [PATCH] Adding ibm-powerkvm distro detection (the right one)
...not really work. Did you tried running the test
> suite (`make check`)?
>
These are the results of make check in the system I've used to test the
patch. The system is
in an internal isolated network, thus I believe some failures were
expected to happen.
PASS: test-basic.sh
PASS: test-execstack.sh
FAIL: test-build-bash.sh
FAIL: test-binaries-exist.sh
SKIP: test-harder.sh
FAIL: test-build-bash-network.sh
FAIL: test-binaries-exist-network.sh
SKIP: test-harder-network.sh
make[4]: Entering directory `/root/supermin/tests'
make[4]: Nothing to be done for `all'.
make[4]: Leaving directo...
2008 Oct 31
3
[LLVMdev] nested function's static link gets clobbered
...li to compile the entire program
(-no-lazy) so that the stub won't be generated, but gives the error:
LLVM JIT requested to do lazy compilation of function
'_Z41__static_initialization_and_destruction_0ii' when lazy compiles are
disabled!
Any ideas?
Note, I had to compile lli with -z execstack in order for trampolines on the
stack to work.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20081031/682d11d7/attachment.html>
2015 Apr 02
2
Re: [PATCH] Adding ibm-powerkvm distro detection (the right one)
...>>>
>> These are the results of make check in the system I've used to test the
>> patch. The system is
>> in an internal isolated network, thus I believe some failures were
>> expected to happen.
>>
>>
>> PASS: test-basic.sh
>> PASS: test-execstack.sh
>> FAIL: test-build-bash.sh
>> FAIL: test-binaries-exist.sh
>> SKIP: test-harder.sh
>> FAIL: test-build-bash-network.sh
>> FAIL: test-binaries-exist-network.sh
>> SKIP: test-harder-network.sh
>> make[4]: Entering directory `/root/supermin/tests'
>...
2008 Nov 01
0
[LLVMdev] nested function's static link gets clobbered
...zy) so that the stub won't be generated, but gives the error:
>
> LLVM JIT requested to do lazy compilation of function
> '_Z41__static_initialization_and_destruction_0ii' when lazy compiles are
> disabled!
>
> Any ideas?
>
> Note, I had to compile lli with -z execstack in order for trampolines on the
> stack to work.
Maybe lli can be taught to mark itself as having an executable stack when
it sees a trampoline. I'm not sure how this can best be done. On linux
I guess it can be done using mmap.
Ciao,
Duncan.
2015 Apr 02
2
Re: [PATCH] Adding ibm-powerkvm distro detection (the right one)
...k in the system I've used to test the
>>>> patch. The system is
>>>> in an internal isolated network, thus I believe some failures were
>>>> expected to happen.
>>>>
>>>>
>>>> PASS: test-basic.sh
>>>> PASS: test-execstack.sh
>>>> FAIL: test-build-bash.sh
>>>> FAIL: test-binaries-exist.sh
>>>> SKIP: test-harder.sh
>>>> FAIL: test-build-bash-network.sh
>>>> FAIL: test-binaries-exist-network.sh
>>>> SKIP: test-harder-network.sh
>>>> mak...
2020 Jun 25
5
process '/usr/bin/rsync' started with executable stack
On Thu, Jun 25, 2020 at 01:04:29PM +0300, Dan Carpenter wrote:
> On Wed, Jun 24, 2020 at 12:39:24PM -0700, Kees Cook wrote:
> > On Wed, Jun 24, 2020 at 07:51:48PM +0300, Dan Carpenter wrote:
> > > In Debian testing the initrd triggers the warning.
> > >
> > > [ 34.529809] process '/usr/bin/fstype' started with executable stack
> >
> >
2020 Jul 25
0
[klibc:master] Kbuild: Add a per-architecture option to disable exectable stacks
...Sat, 25 Jul 2020 17:33:29 +0100
[klibc] Kbuild: Add a per-architecture option to disable exectable stacks
We still want to avoid executable stacks, but now we will only do so
for architectures where we know we can avoid stack trampolines for
signal return.
Disable executable stacks only if KLIBCEXECSTACK is set to 'n' by the
architecture's MCONFIG.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
scripts/Kbuild.klibc | 5 ++++-
usr/klibc/Kbuild | 1 +
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/Kbuild.klibc b/scripts/Kbuild.klibc
index b7e...
2006 Feb 04
1
Problems with NX ?
i've just compiled and installed 0.9.7 on my shiny new pentium D box
(FC4+updates & 2.6.15.1 kernel)
and i've got a pesky solitary windows application that page faults at it's
entry address (0x406796).
its only this one application that dies (its a proprietary compiler, so i
can't distribute anything to test with unfortunately).
if i turn off NX in the BIOS, it works fine
2020 Jul 25
0
process '/usr/bin/rsync' started with executable stack
...90, and sparc32. As
of today, the master branch should correctly enable executable stacks
on these and only these architecture.
I have a development branch that sets sa_restorer and disables
executable stacks on alpha, s390, and sparc32:
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/log/?h=execstack-fixes
But I haven't yet tested those changes other than on qemu-user.
The m68k and parisc kernel ports still don't support any alternatives
to trampolines for signal return, or they didn't when I reviewed this
a few months ago.
Ben.
> Thoughts?
>
> -Kees
>
>
> [...
2020 Aug 22
0
[ANNOUNCE] klibc 2.0.8
...ibc] arch: Remove cris port
Revert "[klibc] Kbuild: Tell gas we don't want executable stacks"
[klibc] Kbuild: Add a per-architecture option to disable exectable stacks
[klibc] arch: Explicitly disable or enable executable stacks
[klibc] Kbuild: Fix the compiler execstack option
[klibc] stdio: Add extern definition of clearerr()
[klibc] stdio: Define all the _unlocked functions and macros
Merge remote-tracking branch 'origin/sysconf'
[klibc] tests: Add a trivial test for sysconf()
[klibc] klcc: Treat CC, LD, STRIP as multiple wo...