Bug 996365
Summary: | /proc/sys/kernel/exec-shield not found in Fedora 19 and no stop a "Stack Smashing" | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nix\ <nix.sasl> |
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | dkholia, dwalsh, gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, nix.sasl, sgrubb |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2013-09-06 17:20:23 UTC | Type: | Bug |
Description
Nix\
2013-08-13 04:25:13 UTC
Fedora makes use of the NX bit automatically when it is available.

    $ dmesg | grep protection
    Sep 2 13:56:48 hostname kernel: [ 0.000000] NX (Execute Disable) protection: active

...

Additionally, see https://bugzilla.redhat.com/show_bug.cgi?id=163735

On Fedora 19,

    $ cat /proc/sys/kernel/randomize_va_space
    2

(this is the "strongest" possible ASLR setting)

...

I think that this code is *not* exploitable on modern Fedora systems without *disabling* a lot of the protections we have enabled by *default*.

That being said, we are always working on enabling new hardening features, e.g. https://fedorahosted.org/fesco/ticket/1153

Also, the exec-shield sysrq isn't present because we no longer carry the out-of-tree execshield patch. That patch isn't needed on systems that support NX.

Overwriting the stack, as your testcase does, generates a SEGFAULT as expected. If you want stack smashing protection, you should compile with -fstack-protector. Most code in Fedora is compiled with that.
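
The checks the comment above walks through (NX, the ASLR level, the stack protector), gathered into one script as an added example that is not part of the original bug report. The function names are hypothetical, the file paths are parameters that default to the real /proc entries, and the binary checks assume binutils' `readelf` is installed.

```shell
#!/bin/sh
# Added example: audit the default protections named in the bug comment.
# Function names are hypothetical; paths default to the real /proc entries.

# NX: an x86 CPU that supports it lists "nx" on the flags line of cpuinfo.
cpu_has_nx() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]nx([[:space:]]|$)' "${1:-/proc/cpuinfo}"
}

# ASLR: 0 = off, 1 = stack, mmap and VDSO randomised, 2 = heap (brk) as well.
aslr_mode() {
    case "$(cat "${1:-/proc/sys/kernel/randomize_va_space}" 2>/dev/null)" in
        0) echo disabled ;;
        1) echo partial ;;
        2) echo full ;;
        *) echo unknown ;;
    esac
}

# Reads `readelf -lW` output on stdin. The stack is non-executable only when
# a GNU_STACK header exists and its flags column (before Align) has no E.
gnu_stack_is_nx() {
    awk '/GNU_STACK/ { seen = 1; if ($(NF-1) ~ /E$/) x = 1 }
         END { exit !(seen && !x) }'
}

# Reads `readelf -sW` output on stdin. Code built with -fstack-protector
# references __stack_chk_fail; absence can also mean no function qualified.
has_stack_canary() {
    grep -q '__stack_chk_fail'
}

# Report on one ELF binary (assumes binutils readelf is installed).
audit_binary() {
    if readelf -lW "$1" | gnu_stack_is_nx; then echo "stack: non-executable"
    else echo "stack: EXECUTABLE or GNU_STACK missing"; fi
    if readelf -sW "$1" | has_stack_canary; then echo "canary: present"
    else echo "canary: not found"; fi
}

# Run as: sh audit.sh /path/to/binary
if [ "$#" -gt 0 ]; then
    if cpu_has_nx; then echo "cpu nx: yes"; else echo "cpu nx: no"; fi
    echo "aslr: $(aslr_mode)"
    audit_binary "$1"
fi
```

A missing `__stack_chk_fail` reference is a prompt to check the build flags, not proof of a problem: plain `-fstack-protector` only instruments functions that GCC considers at risk.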