[klibc] process '/usr/bin/rsync' started with executable stack
keescook at chromium.org
Thu Jun 25 13:20:19 PDT 2020
On Thu, Jun 25, 2020 at 01:04:29PM +0300, Dan Carpenter wrote:
> On Wed, Jun 24, 2020 at 12:39:24PM -0700, Kees Cook wrote:
> > On Wed, Jun 24, 2020 at 07:51:48PM +0300, Dan Carpenter wrote:
> > > In Debian testing the initrd triggers the warning.
> > >
> > > [ 34.529809] process '/usr/bin/fstype' started with executable stack
> > Where does fstype come from there? I am going to guess it is either
> > busybox or linked against klibc?
> > klibc has known problems with executable stacks due to its trampoline
> > implementation:
> > https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
> Yeah. It comes from klibc-utils.
This is exactly what I was worried about back in Feb:
This warning, combined with klibc-based initrds, makes the whole thing
pointless because it will always warn once on boot for the klibc stack,
and then not warn about anything else after that.
It looks like upstream klibc hasn't been touched in about 4 years, and
it's been up to Ben to keep it alive in Debian.
A couple ideas, in order of my preference:
1) stop using klibc-utils. initramfs-tools-core is the only thing with a
dependency on klibc-utils. Only a few things are missing from busybox.
2) make the warning rate-limited instead?
3) fix the use of trampolines in klibc
 Ben appears well aware of this idea, as he suggested it in 2018. :)
More information about the klibc