Package: ghc Version: 7.6.3-21 Severity: normal Tags: security Hi,
GHC 7.6.3, which is included in Debian jessie (now stable), generates binaries with an executable stack and apparently with executable data sections (on amd64; I didn't test anywhere else): > $ echo 'main = print 1' > test.hs > $ ghc test.hs > [1 of 1] Compiling Main ( test.hs, test.o ) > Linking test ... > $ gdb ./test --ex start > Reading symbols from ./test...(no debugging symbols found)...done. > Temporary breakpoint 1 at 0x405886 > Starting program: /tmp/test > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". > > Temporary breakpoint 1, 0x0000000000405886 in main () > (gdb) i proc > process 20652 > cmdline = '/tmp/test' > cwd = '/tmp' > exe = '/tmp/test' > (gdb) ^Z > [1]+ Angehalten gdb -q ./test --ex start > $ cat /proc/20652/maps > 00400000-004ae000 r-xp 00000000 08:01 1315509 > /tmp/test > 006ad000-006b7000 rwxp 000ad000 08:01 1315509 > /tmp/test > 006b7000-006c2000 rwxp 00000000 00:00 0 > [heap] > 7ffff6c7e000-7ffff6c96000 r-xp 00000000 08:01 920012 > /lib/x86_64-linux-gnu/libpthread-2.19.so > 7ffff6c96000-7ffff6e95000 ---p 00018000 08:01 920012 > /lib/x86_64-linux-gnu/libpthread-2.19.so > 7ffff6e95000-7ffff6e96000 r-xp 00017000 08:01 920012 > /lib/x86_64-linux-gnu/libpthread-2.19.so > 7ffff6e96000-7ffff6e97000 rwxp 00018000 08:01 920012 > /lib/x86_64-linux-gnu/libpthread-2.19.so > 7ffff6e97000-7ffff6e9b000 rwxp 00000000 00:00 0 > 7ffff6e9b000-7ffff703a000 r-xp 00000000 08:01 920022 > /lib/x86_64-linux-gnu/libc-2.19.so > 7ffff703a000-7ffff723a000 ---p 0019f000 08:01 920022 > /lib/x86_64-linux-gnu/libc-2.19.so > 7ffff723a000-7ffff723e000 r-xp 0019f000 08:01 920022 > /lib/x86_64-linux-gnu/libc-2.19.so > 7ffff723e000-7ffff7240000 rwxp 001a3000 08:01 920022 > /lib/x86_64-linux-gnu/libc-2.19.so > 7ffff7240000-7ffff7244000 rwxp 00000000 00:00 0 > 7ffff7244000-7ffff7247000 r-xp 00000000 08:01 916708 > /lib/x86_64-linux-gnu/libdl-2.19.so > 7ffff7247000-7ffff7446000 ---p 00003000 08:01 916708 > /lib/x86_64-linux-gnu/libdl-2.19.so > 7ffff7446000-7ffff7447000 r-xp 00002000 08:01 916708 > /lib/x86_64-linux-gnu/libdl-2.19.so > 7ffff7447000-7ffff7448000 rwxp 00003000 08:01 916708 > /lib/x86_64-linux-gnu/libdl-2.19.so > 7ffff7448000-7ffff744f000 r-xp 00000000 08:01 920013 > /lib/x86_64-linux-gnu/librt-2.19.so > 7ffff744f000-7ffff764e000 ---p 00007000 08:01 920013 > /lib/x86_64-linux-gnu/librt-2.19.so > 7ffff764e000-7ffff764f000 r-xp 00006000 08:01 920013 > /lib/x86_64-linux-gnu/librt-2.19.so > 7ffff764f000-7ffff7650000 rwxp 00007000 08:01 920013 > /lib/x86_64-linux-gnu/librt-2.19.so > 7ffff7650000-7ffff7750000 r-xp 00000000 08:01 920021 > /lib/x86_64-linux-gnu/libm-2.19.so > 7ffff7750000-7ffff794f000 ---p 00100000 08:01 920021 > /lib/x86_64-linux-gnu/libm-2.19.so > 7ffff794f000-7ffff7950000 r-xp 000ff000 08:01 920021 > /lib/x86_64-linux-gnu/libm-2.19.so > 7ffff7950000-7ffff7951000 rwxp 00100000 08:01 920021 > /lib/x86_64-linux-gnu/libm-2.19.so > 7ffff7951000-7ffff7958000 r-xp 00000000 08:01 655342 > /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2 > 7ffff7958000-7ffff7b57000 ---p 00007000 08:01 655342 > /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2 > 7ffff7b57000-7ffff7b58000 r-xp 00006000 08:01 655342 > /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2 > 7ffff7b58000-7ffff7b59000 rwxp 00007000 08:01 655342 > /usr/lib/x86_64-linux-gnu/libffi.so.6.0.2 > 7ffff7b59000-7ffff7bda000 r-xp 00000000 08:01 655328 > /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0 > 7ffff7bda000-7ffff7dda000 ---p 00081000 08:01 655328 > /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0 > 7ffff7dda000-7ffff7ddb000 r-xp 00081000 08:01 655328 > /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0 > 7ffff7ddb000-7ffff7ddc000 rwxp 00082000 08:01 655328 > /usr/lib/x86_64-linux-gnu/libgmp.so.10.2.0 > 7ffff7ddc000-7ffff7dfc000 r-xp 00000000 08:01 916570 > /lib/x86_64-linux-gnu/ld-2.19.so > 7ffff7fc7000-7ffff7fcc000 rwxp 00000000 00:00 0 > 7ffff7ff6000-7ffff7ff8000 rwxp 00000000 00:00 0 > 7ffff7ff8000-7ffff7ffa000 r-xp 00000000 00:00 0 > [vdso] > 7ffff7ffa000-7ffff7ffc000 r--p 00000000 00:00 0 > [vvar] > 7ffff7ffc000-7ffff7ffd000 r-xp 00020000 08:01 916570 > /lib/x86_64-linux-gnu/ld-2.19.so > 7ffff7ffd000-7ffff7ffe000 rwxp 00021000 08:01 916570 > /lib/x86_64-linux-gnu/ld-2.19.so > 7ffff7ffe000-7ffff7fff000 rwxp 00000000 00:00 0 > 7ffffffde000-7ffffffff000 rwxp 00000000 00:00 0 > [stack] > ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 > [vsyscall] The fix discussed at [1] and [2], i.e. adding a ".note.GNU-stack" section does not seem have an effect; it _is_ present: > $ ghc -c test.hs > compilation IS NOT required > $ readelf -a test.o | grep -i stack > [ 6] .note.GNU-stack PROGBITS 0000000000000000 000001f8 > $ ghc -S test.hs > $ grep -i stack test.s > .section .note.GNU-stack,"",@progbits Thanks, Jonathan [1] https://ghc.haskell.org/trac/ghc/ticket/703?cversion=0&cnum_hist=26 [2] https://bugs.gentoo.org/show_bug.cgi?id=123698 -- System Information: Debian Release: 8.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ghc depends on: ii dpkg 1.17.25 ii gcc 4:4.9.2-2 ii libbsd-dev 0.7.0-2 ii libc6 2.19-18 ii libc6-dev 2.19-18 ii libffi-dev 3.1-2+b2 ii libffi6 3.1-2+b2 ii libgmp-dev 2:6.0.0+dfsg-6 ii libgmp10 2:6.0.0+dfsg-6 ii libtinfo5 5.9+20140913-1+b1 ghc recommends no packages. Versions of packages ghc suggests: ii ghc-doc 7.6.3-21 pn ghc-prof <none> pn haskell-doc <none> pn llvm <none> ii perl 5.20.2-3 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
