needlessly executable stack markings

Bug #409736 reported by Kees Cook on 2009-08-06
This bug affects 1 person
Affects: openjdk-6 (Ubuntu)
Importance: Medium
Assigned to: Matthias Klose

Bug Description

Java is marked to have an executable stack[1]. This is potentially dangerous, and is simply an oversight from one of the compiled assembly files. Adding stack markings to the assembly solves the issue.

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks


Kees Cook (kees) on 2009-08-19
Changed in openjdk-6 (Ubuntu):
milestone: none → karmic-alpha-6
assignee: nobody → Matthias Klose (doko)
description: updated
Kees Cook (kees) on 2009-08-19
Changed in openjdk-6 (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Kees Cook (kees) wrote :

This patch fixes the issue...

Kees Cook (kees) wrote :

It seems some of the openjdk-6 tests are unstable. The non-exec-stack change builds showed the following test differences with the updated patch against 6b16-1.6~pre1-0ubuntu1:

-Passed: java/awt/grab/EmbeddedFrameTest1/EmbeddedFrameTest1.java
+FAILED: java/awt/grab/EmbeddedFrameTest1/EmbeddedFrameTest1.java

-FAILED: sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java
+Passed: sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java

Kees Cook (kees) wrote :

java/awt/grab/EmbeddedFrameTest1/EmbeddedFrameTest1.java actually passes, but fails during cleanup, so I assume this is an unstable test:

----------System.out:(13/669)----------
Any messages for the tester will display here.
Any messages for the tester will display here.
frame's peer = sun.awt.X11.XFramePeer@52cd19d(4e0002d)
x_base_window_class = class sun.awt.X11.XBaseWindow
get_window = public long sun.awt.X11.XBaseWindow.getWindow()
window = 81788973
embedded_frame = sun.awt.X11.XEmbeddedFrame[frame0,0,0,200x200,invalid,layout=java.awt.BorderLayout,title=,resizable,normal]
embedded_frame = sun.awt.X11.XEmbeddedFrame[frame0,0,0,200x200,invalid,layout=java.awt.BorderLayout,title=,resizable,normal]
Button pressed
The test passed.
The test passed.
The test is over, hit Ctl-C to stop Java VM
The test is over, hit Ctl-C to stop Java VM
----------System.err:(35/1752)----------

JavaTest Message: Test complete.

Kees Cook (kees) wrote :

Similarly, sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java passes both stock and with non-exec-stack locally:

----------System.out:(21/1186)----------
Current cacheSize is set to: 0

Currently cached Sessions......
========================================================================
Session Session-last-accessTime
========================================================================
[Session-6, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
[Session-2, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
[Session-4, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
------------------------------------------------------------------------
Session cache size changed to: 2

[Session-6, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
[Session-4, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
------------------------------------------------------------------------
Session cache size changed to: 3
[Session-6, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
[Session-4, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
[Session-8, SSL_RSA_WITH_RC4_128_MD5] Tue Aug 25 15:36:02 PDT 2009
------------------------------------------------------------------------
Session cache size tests passed
----------System.err:(3/36)----------

JavaTest Message: Test complete.

result: Passed. Execution successful

test result: Passed. Execution successful

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openjdk-6 - 6b16-1.6~pre2-0ubuntu1

---------------
openjdk-6 (6b16-1.6~pre2-0ubuntu1) karmic; urgency=low

  * Update IcedTea from the 1.6 release branch:
    - Fix buffer overflow in debugger's socket handler (Kees Cook).
      https://bugs.openjdk.java.net/show_bug.cgi?id=100103. LP: #409736.
    - plugin fixes.
  * Move the pulseaudio recommendation to a suggestion, don't build-depend
    on pulseaudio.
  * Build for armv6 (on armel).

  [ Kees Cook ]
  * debian/rules: Re-enable fortification and stack protector
    (LP: #330713).
  * Adding stack markings to the x86 assembly for not using executable
    stack. LP: #419018.

 -- Matthias Klose <email address hidden> Fri, 28 Aug 2009 18:51:34 +0200

Changed in openjdk-6 (Ubuntu):
status: Triaged → Fix Released