Closed Bug 283710 Opened 20 years ago Closed 20 years ago

[execshield] libnspr4.so has executable stack on ia64

Categories

(NSPR :: NSPR, defect)

Product:
NSPR
Component:
NSPR
Platform:
Other
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: caillon, Assigned: caillon)

Details

Attachments

(1 file)

Patch
630 bytes, patch
wtc
: review+
Details | Diff | Splinter Review 
> readelf -Wl libnspr4.so | grep GNU_STACK
  GNU_STACK          0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4

The stack should be RW, not RWE.  If someone can inject code into the stack
(using a buffer overflow, etc), it could be executed.
Attached patch PatchSplinter Review 

        Attachment #175607 -
        Flags: review?(wtchang)

    
    

    
  
Comment on attachment 175607 [details] [diff] [review]
Patch

r=wtc.

        Attachment #175607 -
        Flags: review?(wtchang) → review+

    
    

    
  
Patch checked into the NSPR tip (NSPR 4.6) and
NSPRPUB_PRE_4_2_CLIENT_BRANCH (Mozilla 1.8 Beta 2).

Chris, I also took the opportunity to fix the comments
in os_Linux_ia64.s, so the actual checkin is different
from your patch.  Please rebuild NSPR and verify my
checkin is correct.
Status: NEW → RESOLVED
Closed: 20 years ago
QA Contact: wtchang → caillon
Resolution: --- → FIXED
Target Milestone: --- → 4.6

    
    

    
  
Is there any need for this to be security confidential still?

    
    

    
  
Nope.  removing flag.
Group: security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: