Arch Linux

Please throw a warning if a ELF file has a executable stack. (RWE)

Example output:

# readelf -l usr/lib/libgnutls.so.28.2.0

<cut>

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0xe60b4 0xe60b4 R E 0x1000
LOAD 0x0e6d70 0x000e7d70 0x000e7d70 0x04ea4 0x05a88 RW 0x1000
DYNAMIC 0x0eacac 0x000ebcac 0x000ebcac 0x00118 0x00118 RW 0x4
NOTE 0x000114 0x00000114 0x00000114 0x00024 0x00024 R 0x4
GNU_EH_FRAME 0x0cdd54 0x000cdd54 0x000cdd54 0x03a54 0x03a54 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4 <---------------- Should be RW
GNU_RELRO 0x0e6d70 0x000e7d70 0x000e7d70 0x04290 0x04290 R 0x1

<cut>

Or using the execstack utility from prelink:

# execstack usr/lib/libgnutls*
- usr/lib/libgnutls-extra.so
- usr/lib/libgnutls-extra.so.28
- usr/lib/libgnutls-extra.so.28.2.0
- usr/lib/libgnutls-openssl.so
- usr/lib/libgnutls-openssl.so.27
- usr/lib/libgnutls-openssl.so.27.0.1
X usr/lib/libgnutls.so
X usr/lib/libgnutls.so.28
X usr/lib/libgnutls.so.28.2.0
- usr/lib/libgnutlsxx.so
- usr/lib/libgnutlsxx.so.28
- usr/lib/libgnutlsxx.so.28.0.0


Applications that link against libraries with an executable stack will NOT work on hardened systems. Besides that, it's bad and bugs should be filed against the upstream project if the usual fixes* do not work.

* Adding -Wa,--noexecstack to CFLAGS and/or using -Wl,-z,noexecstack linker flag, whatever works.