FS#65699 - [rtkit] rtkit-daemon binary has executable stack

Attached to Project: Arch Linux
Opened by Markus Theil (thillux) - Wednesday, 04 March 2020, 12:26 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 05 December 2021, 08:33 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
rtkit-daemon has an stack section which is marked executable.
For security reasons, stack segments should not be executable if possible.

Found when looking at Linux 5.6-rc4 dmesg output:
[Wed Mar 4 13:08:10 2020] process '/usr/lib/rtkit-daemon' started with executable stack

The executable stack can be checked like this:
readelf -lW /usr/lib/rtkit-daemon | rg "GNU_STACK" | rg E
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Sunday, 05 December 2021, 08:33 GMT
Reason for closing:  Fixed
Additional comments about closing:  rtkit 0.13-1
Comment by loqs (loqs) - Wednesday, 04 March 2020, 15:23 GMT
The xml-introspection.S added by https://github.com/heftig/rtkit/commit/14099ed04a693791dc6645566ee55a08be19a199 does not contain stack markings,
as gcc can not determine if an executable stack is required or not without the annotation it makes the stack executable.
Comment by Markus Theil (thillux) - Wednesday, 04 March 2020, 15:40 GMT
Thanks for the explanation!

Loading...