-----Original Message-----
From: Wade Richards <wade@wabyn.net>
To: Brchk05 <brchk05@aim.com>
Cc: debian-security@lists.debian.org <debian-security@lists.debian.org>
Sent: Sun, Oct 10, 2010 11:59 am
Subject: Re: non-executable stack (via PT_GNU_STACK) not being enforced
The noexecstack option has no effect on shell code or any other interpreted language. It only prevents native code (aka machine code) from executing.
--- Wade
I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the enforcement of page permissions. I have written a simple program with a basic buffer overflow and compiled two versions using gcc: one with -z execstack and another with -z noexecstack.
So, to verify that the option takes:
For the -z execstack version:
$ readelf -l a.out | grep -i -A1 stack
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
For the -z noexecstack version:
$ readelf -l a.out | grep -i -A1 stack
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
However, I am able to inject and execute shellcode from a stack local character buffer in both versions. Is there another system option I am unaware of that affects enforcement? Is enforcement not supported for my system version?
Thanks for your help.
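
The readelf output in the message shows how each binary is marked, not what the running system enforces. The following is an added example, not code from anyone in this thread: it reads the PT_GNU_STACK flags from an ELF image, the [stack] permissions from /proc/<pid>/maps text, and the nx flag from /proc/cpuinfo text. The function names and all sample inputs are constructed for illustration.

```python
import struct

PT_GNU_STACK, PF_X, PF_W, PF_R = 0x6474E551, 1, 2, 4

def gnu_stack_flags(elf):
    """Flags of the PT_GNU_STACK header as readelf prints them ('RW', 'RWE'), or None."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                     # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if elf[5] == 1 else ">"        # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x36)
    else:
        (phoff,) = struct.unpack_from(e + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", elf, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(e + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags follows p_type in ELF64; it is at offset 24 in ELF32
            (fl,) = struct.unpack_from(e + "I", elf, off + (4 if is64 else 24))
            return "".join(c for b, c in ((PF_R, "R"), (PF_W, "W"), (PF_X, "E")) if fl & b)
    return None

def stack_perms(maps_text):
    """Permission field of the [stack] mapping in /proc/<pid>/maps text, or None."""
    for line in maps_text.splitlines():
        f = line.split()
        if f and f[-1] == "[stack]":
            return f[1]
    return None

def cpu_has_nx(cpuinfo_text):
    """True if /proc/cpuinfo lists 'nx'; 32-bit x86 kernels also need PAE to use it."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return "nx" in line.split(":", 1)[1].split()
    return False

def sample_elf32(flags):
    """Constructed input: ELF32 little-endian header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    return ehdr + struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, flags, 4)

if __name__ == "__main__":
    print(gnu_stack_flags(sample_elf32(PF_R | PF_W)))               # binary marking
    print(stack_perms("bf8d2000-bf8e7000 rw-p 00000000 00:00 0   [stack]"))  # constructed line
    print(cpu_has_nx("flags\t\t: fpu vme de pse tsc msr pae mce"))   # constructed line
```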