
Bug#944971: qtwebengine-opensource-src: the stack is executable, and forced upon linked programs



Source: qtwebengine-opensource-src
Severity: normal

The libQt5WebEngineCore.so shared object requests an executable stack
from the loader. You can see this using "readelf -l" and inspecting the
GNU_STACK program header. All programs linked against this library also
get an executable stack whether or not they need or want it. Affected
programs include several that parse hostile input from the internet,
such as KMail, Akregator, qutebrowser, and Akonadi. Other Qt and KDE
applications are also affected.

You can see the executable stack in affected programs by looking in
their /proc/PID/maps while they're running.

This isn't a security vulnerability in itself, but an executable stack
makes vulnerabilities in all these applications much easier to exploit.
Fortunately there's no need for an executable stack in QtWebEngine. It
only arises due to a compilation misconfiguration: A handful of object
files fail to use .note.GNU-stack to opt out of an executable stack.

https://www.airs.com/blog/archives/518

I've attached a list of the offending object files. Each is an assembly
file, and all but one belong to BoringSSL. Either each of these needs to
be assembled with an empty .note.GNU-stack section, or the "-z
noexecstack" option needs to be supplied at link time.

./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aes128gcmsiv-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/chacha-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/x25519-asm-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/x86_64-mont5.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/sha256-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/x86_64-mont.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/vpaes-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/sha1-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/rdrand-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/sha512-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/p256-x86_64-asm.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/md5-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/rsaz-avx2.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/ghash-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aesni-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/bsaes-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aesni-gcm-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aes-x86_64.o
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/chacha20_poly1305_x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/x25519-asm-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/x86_64-mont5.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/vpaes-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/sha1-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/x86_64-mont.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/sha512-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/rdrand-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/sha256-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/p256-x86_64-asm.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/aesni-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/rsaz-avx2.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/md5-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/bsaes-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/ghash-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/aesni-gcm-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/aes-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/chacha20_poly1305_x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/chacha-x86_64.o
./src/core/release/obj/third_party/boringssl/boringssl_asm/aes128gcmsiv-x86_64.o
./src/core/release/obj/third_party/WebKit/Source/platform/heap/asm/asm/SaveRegisters_x86.o
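
The GNU_STACK check that the report performs with "readelf -l" can be scripted as a build gate. This is an added example, not part of the original report or of the QtWebEngine build; the names stack_flags, stack_is_executable and make_elf are hypothetical, and only ELF64 little-endian files are handled.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that readelf -l shows as GNU_STACK
PF_X = 0x1                 # execute bit in p_flags

def stack_flags(elf: bytes):
    """Return p_flags of the PT_GNU_STACK header, or None if the file has none."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("this example handles ELF64 little-endian only")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        # p_type and p_flags are the first two 32-bit fields of an ELF64 phdr
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_is_executable(elf: bytes) -> bool:
    """True if the file requests an executable stack (RWE in readelf output)."""
    flags = stack_flags(elf)
    # A missing header is reported as a failure too: stack permissions then
    # depend on loader and kernel defaults instead of an explicit opt-out.
    return flags is None or bool(flags & PF_X)

def make_elf(p_flags: int) -> bytes:
    """Constructed sample: minimal ELF64 header plus one PT_GNU_STACK phdr."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, p_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    paths = sys.argv[1:]
    for path in paths:  # e.g. a built shared object passed on the command line
        with open(path, "rb") as f:
            bad = stack_is_executable(f.read())
        print(path, "EXECUTABLE STACK" if bad else "ok")
    if not paths:  # no arguments: run on the constructed samples (RW, then RWE)
        for flags in (6, 7):
            print(f"constructed p_flags={flags}:", stack_is_executable(make_elf(flags)))
```

Run against the linked shared object rather than the individual .o files: a relocatable object has no program headers, so its opt-out is visible only as the .note.GNU-stack section.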
