Debian Bug report logs - #539807
needlessly executable stack

version graph

Package: mono; Maintainer for mono is Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>;

Reported by: Kees Cook <kees@debian.org>

Date: Mon, 3 Aug 2009 18:03:01 UTC

Severity: normal

Found in version 2.4+dfsg-6

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>:
Bug#539807; Package mono. (Mon, 03 Aug 2009 18:03:04 GMT) (full text, mbox, link).


Acknowledgement sent to Kees Cook <kees@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>. (Mon, 03 Aug 2009 18:03:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kees Cook <kees@debian.org>
To: Debian Bugs <submit@bugs.debian.org>
Subject: needlessly executable stack
Date: Mon, 3 Aug 2009 10:53:39 -0700
[Message part 1 (text/plain, inline)]
Package: mono
Version: 2.4+dfsg-6
Severity: normal
Tags: patch, security
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

Hello!  When running a kernel that handles non-executable memory
(PAE mode), it is preferred to have applications that do not have
an executable stack for security.  The small attached patch fixes
this for mono.

https://bugzilla.novell.com/show_bug.cgi?id=439086

Thanks,

-Kees

-- 
Kees Cook                                            @debian.org
[fix_execstack_asm.dpatch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>:
Bug#539807; Package mono. (Thu, 06 Aug 2009 15:00:08 GMT) (full text, mbox, link).


Acknowledgement sent to Kees Cook <kees@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>. (Thu, 06 Aug 2009 15:00:08 GMT) (full text, mbox, link).


Message #10 received at 539807@bugs.debian.org (full text, mbox, reply):

From: Kees Cook <kees@debian.org>
To: 539807@bugs.debian.org
Subject: "needlessly" appears to be wrong :(
Date: Thu, 6 Aug 2009 07:59:24 -0700
Sorry, I need to recommend against my patch.  It seems to break the
debugger.  :(  I'd still like to see the exec stack issue fixed.  Forcing
exec stack for all mono apps seems... unfun.  ;)


$ echo 'class MainClass { static void Main() { System.Console.WriteLine("Hello World!"); } }' > hello.cs
$ gmcs hello.cs
$ ./hello.exe
Hello World!
$ mdb ./hello.exe
Mono Debugger
(mdb) run
Starting program: ./hello.exe
Cannot read symbol file `/usr/lib/mono/2.0/mscorlib.dll.mdb': Could not
find file "/usr/lib/mono/2.0/mscorlib.dll.mdb".
Cannot read symbol file `/home/kees/hello.exe.mdb': Could not find file
"/home/kees/hello.exe.mdb".
(mdb) Thread @1 received signal 11 at #0: 0xff87c909.
0xff87c909 push $0xff87c932
quit
The program is running. Exit anyway? (y or n) y
Thread @1 exited.
Process #1 exited.
Target exited.


A good run would be:
$ mdb ./hello.exe
Mono Debugger
(mdb) run
Starting program: ./hello.exe 
Cannot read symbol file `/usr/lib/mono/2.0/mscorlib.dll.mdb': Could not
find file "/usr/lib/mono/2.0/mscorlib.dll.mdb".
Cannot read symbol file `/home/kees/hello.exe.mdb': Could not find file
"/home/kees/hello.exe.mdb".
Thread @1 stopped at #0: 0xf79bb2d6 in <MainClass:Main ()>+0x6 at 1.
   1 IL_0000: ldstr     
(mdb) cont
Hello World!
Thread @1 exited.
(mdb) Process #1 exited.
Target exited.
quit


-- 
Kees Cook                                            @debian.org




Removed tag(s) patch. Request was from Iain Lane <laney@ubuntu.com> to control@bugs.debian.org. (Fri, 10 Sep 2010 08:03:05 GMT) (full text, mbox, link).


Removed tag(s) security. Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Wed, 29 Jan 2014 09:57:07 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Jan 9 21:26:39 2018; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.