[Secure-testing-team] Bug#786573: ghc: GHC 7.6.3 generates binaries with executable stack and data sections

Jonathan Neuschäfer j.neuschaefer at gmx.net
Fri May 22 23:19:10 UTC 2015


Package: ghc
Version: 7.6.3-21
Severity: normal
Tags: security

Hi,

GHC 7.6.3, which is included in Debian jessie (now stable), generates
binaries with an executable stack and apparently with executable data
sections (on amd64; I didn't test anywhere else):

> $ echo 'main = print 1' > test.hs
> $ ghc test.hs
> [1 of 1] Compiling Main             ( test.hs, test.o )
> Linking test ...
> $ gdb ./test --ex start
> Reading symbols from ./test...(no debugging symbols found)...done.
> Temporary breakpoint 1 at 0x405886
> Starting program: /tmp/test
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> 
> Temporary breakpoint 1, 0x0000000000405886 in main ()
> (gdb) i proc
> process 20652
> cmdline = '/tmp/test'
> cwd = '/tmp'
> exe = '/tmp/test'
> (gdb) ^Z
> [1]+  Angehalten              gdb -q ./test --ex start
> $ cat /proc/20652/maps
> 00400000-004ae000 r-xp 00000000 08:01 1315509                            /tmp/test
> 006ad000-006b7000 rwxp 000ad000 08:01 1315509                            /tmp/test
> 006b7000-006c2000 rwxp 00000000 00:00 0                                  [heap]
> 7ffff6c7e000-7ffff6c96000 r-xp 00000000 08:01 920012                     /lib/x86_64-linux-gnu/libpthread-2.19.so
> 7ffff6c96000-7ffff6e95000 ---p 00018000 08:01 920012                     /lib/x86_64-linux-gnu/libpthread-2.19.so
> 7ffff6e95000-7ffff6e96000 r-xp 00017000 08:01 920012                     /lib/x86_64-linux-gnu/libpthread-2.19.so
> 7ffff6e96000-7ffff6e97000 rwxp 00018000 08:01 920012                     /lib/x86_64-linux-gnu/libpthread-2.19.so
> 7ffff6e97000-7ffff6e9b000 rwxp 00000000 00:00 0
> 7ffff6e9b000-7ffff703a000 r-xp 00000000 08:01 920022                     /lib/x86_64-linux-gnu/libc-2.19.so
> 7ffff703a000-7ffff723a000 ---p 0019f000 08:01 920022                     /lib/x86_64-linux-gnu/libc-2.19.so
> 7ffff723a000-7ffff723e000 r-xp 0019f000 08:01 920022                     /lib/x86_64-linux-gnu/libc-2.19.so
> 7ffff723e000-7ffff7240000 rwxp 001a3000 08:01 920022                     /lib/x86_64-linux-gnu/libc-2.19.so
> 7ffff7240000-7ffff7244000 rwxp 00000000 00:00 0
> 7ffff7244000-7ffff7247000 r-xp 00000000 08:01 916708                     /lib/x86_64-linux-gnu/libdl-2.19.so
> 7ffff7247000-7ffff7446000 ---p 00003000 08:01 916708                     /lib/x86_64-linux-gnu/libdl-2.19.so
> 7ffff7446000-7ffff7447000 r-xp 00002000 08:01 916708                     /lib/x86_64-linux-gnu/libdl-2.19.so
> 7ffff7447000-7ffff7448000 rwxp 00003000 08:01 916708                     /lib/x86_64-linux-gnu/libdl-2.19.so
> 7ffff7448000-7ffff744f000 r-xp 00000000 08:01 920013                     /lib/x86_64-linux-gnu/librt-2.19.so
> 7ffff744f000-7ffff764e000 ---p 00007000 08:01 920013                     /lib/x86_64-linux-gnu/librt-2.19.so
> 7ffff764e000-7ffff764f000 r-xp 00006000 08:01 920013                     /lib/x86_64-linux-gnu/librt-2.19.so
> 7ffff764f000-7ffff7650000 rwxp 00007000 08:01 920013                     /lib/x86_64-linux-gnu/librt-2.19.so
> 7ffff7650000-7ffff7750000 r-xp 00000000 08:01 920021                     /lib/x86_64-linux-gnu/libm-2.19.so
> 7ffff7750000-7ffff794f000 ---p 00100000 08:01 920021                     /lib/x86_64-linux-gnu/libm-2.19.so
> 7ffff794f000-7ffff7950000 r-xp 000ff000 08:01 920021                     /lib/x86_64-linux-gnu/libm-2.19.so
> 7ffff7950000-7ffff7951000 rwxp 00100000 08:01 920021                     /lib/x86_64-linux-gnu/libm-2.19.so
> 7ffff7951000-7ffff7958000 r-xp 00000000 08:01 655342                     /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2
> 7ffff7958000-7ffff7b57000 ---p 00007000 08:01 655342                     /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2
> 7ffff7b57000-7ffff7b58000 r-xp 00006000 08:01 655342                     /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2
> 7ffff7b58000-7ffff7b59000 rwxp 00007000 08:01 655342                     /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2
> 7ffff7b59000-7ffff7bda000 r-xp 00000000 08:01 655328                     /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0
> 7ffff7bda000-7ffff7dda000 ---p 00081000 08:01 655328                     /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0
> 7ffff7dda000-7ffff7ddb000 r-xp 00081000 08:01 655328                     /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0
> 7ffff7ddb000-7ffff7ddc000 rwxp 00082000 08:01 655328                     /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0
> 7ffff7ddc000-7ffff7dfc000 r-xp 00000000 08:01 916570                     /lib/x86_64-linux-gnu/ld-2.19.so
> 7ffff7fc7000-7ffff7fcc000 rwxp 00000000 00:00 0
> 7ffff7ff6000-7ffff7ff8000 rwxp 00000000 00:00 0
> 7ffff7ff8000-7ffff7ffa000 r-xp 00000000 00:00 0                          [vdso]
> 7ffff7ffa000-7ffff7ffc000 r--p 00000000 00:00 0                          [vvar]
> 7ffff7ffc000-7ffff7ffd000 r-xp 00020000 08:01 916570                     /lib/x86_64-linux-gnu/ld-2.19.so
> 7ffff7ffd000-7ffff7ffe000 rwxp 00021000 08:01 916570                     /lib/x86_64-linux-gnu/ld-2.19.so
> 7ffff7ffe000-7ffff7fff000 rwxp 00000000 00:00 0
> 7ffffffde000-7ffffffff000 rwxp 00000000 00:00 0                          [stack]
> ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

The fix discussed at [1] and [2], i.e. adding a ".note.GNU-stack"
section, does not seem to have an effect; it _is_ present:

> $ ghc -c test.hs
> compilation IS NOT required
> $ readelf -a test.o | grep -i stack
>   [ 6] .note.GNU-stack   PROGBITS         0000000000000000  000001f8
> $ ghc -S test.hs
> $ grep -i stack test.s
> .section .note.GNU-stack,"",@progbits


Thanks,
Jonathan


[1] https://ghc.haskell.org/trac/ghc/ticket/703?cversion=0&cnum_hist=26
[2] https://bugs.gentoo.org/show_bug.cgi?id=123698


-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ghc depends on:
ii  dpkg        1.17.25
ii  gcc         4:4.9.2-2
ii  libbsd-dev  0.7.0-2
ii  libc6       2.19-18
ii  libc6-dev   2.19-18
ii  libffi-dev  3.1-2+b2
ii  libffi6     3.1-2+b2
ii  libgmp-dev  2:6.0.0+dfsg-6
ii  libgmp10    2:6.0.0+dfsg-6
ii  libtinfo5   5.9+20140913-1+b1

ghc recommends no packages.

Versions of packages ghc suggests:
ii  ghc-doc      7.6.3-21
pn  ghc-prof     <none>
pn  haskell-doc  <none>
pn  llvm         <none>
ii  perl         5.20.2-3

-- no debconf information
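
Added example, not part of the original report: at run time the kernel consults the `PT_GNU_STACK` program header of the linked executable rather than the `.note.GNU-stack` section of `test.o`, so this code reads that header from an ELF64 image and lists the writable-and-executable mappings in a maps dump. All function names, including `make_elf`, are hypothetical helpers; the ELF bytes are constructed, and the maps lines are an excerpt of the output above with whitespace collapsed.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program header type the kernel reads for stack permissions
PF_X = 0x1                  # "executable" bit in p_flags

def gnu_stack_flags(elf):
    """Return p_flags of PT_GNU_STACK in a little-endian ELF64 image, or None if absent."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_is_executable(elf):
    """True if PT_GNU_STACK carries PF_X; a missing header is reported as executable (assumption)."""
    flags = gnu_stack_flags(elf)
    return flags is None or bool(flags & PF_X)

def wx_mappings(maps_text):
    """Return (range, perms, name) for every mapping that is both writable and executable."""
    hits = []
    for line in maps_text.splitlines():
        f = line.split()
        if len(f) >= 5 and "w" in f[1] and "x" in f[1]:
            hits.append((f[0], f[1], f[5] if len(f) > 5 else ""))
    return hits

def make_elf(stack_flags):
    """Constructed sample: minimal ELF64 header followed by one PT_GNU_STACK program header."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)

# Four lines taken from the maps output in the report above.
MAPS_EXCERPT = """\
00400000-004ae000 r-xp 00000000 08:01 1315509 /tmp/test
006ad000-006b7000 rwxp 000ad000 08:01 1315509 /tmp/test
006b7000-006c2000 rwxp 00000000 00:00 0 [heap]
7ffffffde000-7ffffffff000 rwxp 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print(stack_is_executable(make_elf(0x7)), stack_is_executable(make_elf(0x6)))
    for hit in wx_mappings(MAPS_EXCERPT):
        print(hit)
```

To check a real binary, pass the bytes of the linked executable (for example `open("./test", "rb").read()`) to `stack_is_executable`.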


