NSS

  1. Bug #409864
  2. Comment #17

Comment 17 for bug 409864

Revision history for this message
Jozsef Kadlecsik (kadlec-launchpad) wrote : libfreebl3.so has got RWE flags in the PT_GNU_STACK ELF header

Description: Ubuntu 8.04.3 LTS
Release: 8.04

libnss3-1d version is 3.12.3.1-0ubuntu0.8.04.1

The libfreebl3.so library from the package has got RWE flags in the PT_GNU_STACK ELF header:

$ readelf -l /usr/lib/nss/libfreebl3.so

Elf file type is DYN (Shared object file)
Entry point 0x2f40
There are 5 program headers, starting at offset 64

Program Headers:
  Type Offset VirtAddr PhysAddr
                 FileSiz MemSiz Flags Align
  LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000055b24 0x0000000000055b24 R E 200000
  LOAD 0x0000000000055b28 0x0000000000255b28 0x0000000000255b28
                 0x0000000000000d8c 0x0000000000005018 RW 200000
  DYNAMIC 0x00000000000563a0 0x00000000002563a0 0x00000000002563a0
                 0x0000000000000210 0x0000000000000210 RW 8
  GNU_EH_FRAME 0x00000000000509e0 0x00000000000509e0 0x00000000000509e0
                 0x0000000000000d44 0x0000000000000d44 R 4
  GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000 RWE 8

In consequence, glibc ld.so creates all stack allocated by the library with rwe flags unnecessarily.

The library can be fixed by issuing

# execstack -c /usr/lib/nss/libfreebl3.so

but the package should install a non-exploitable library.