
Re: non-executable stack (via PT_GNU_STACK) not being enforced



The noexecstack option has no effect on shell code or any other interpreted language.  It only prevents native code (aka machine code) from executing.

     --- Wade


On 2010-10-10, at 6:53, Brchk05 <brchk05@aim.com> wrote:


I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the enforcement of page permissions.  I have written a simple program with a basic buffer overflow and compiled two versions using gcc: one with -z execstack and another with -z noexecstack.  

So, to verify that the option takes:

For the -z execstack version:
$ readelf -l a.out | grep -i -A1 stack
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4

For the -z noexecstack version:
$ readelf -l a.out | grep -i -A1 stack
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

However, I am able to inject and execute shellcode from a stack local character buffer in both versions.  Is there another system option I am unaware of that affects enforcement?  Is enforcement not supported for my system version?

Thanks for your help.
