January 17th, 2011

execstack on the rampage II

In one of the allow_execstack bug reports someone asked me, shouldn't the tools do a better job of discovering the cause of the execstack?  I needed a better way of figuring out what library was causing the execstack AVC, 

Since all I have in the AVC is the source path, I figured could use ldd to list the libraries used by it.  Then I could examine these libraries using execstack -q and see if any had the flag execstack flag turned on.

Nalin Dahyabhai suggested that I should also search /proc/PID/maps for shared libraries that might have been dlopened.   

I wrote the python script findexecstack which takes an executable path and optional pid as parameters.  It then reports any execstack libraries that if finds used by the executable or PID.

I am now adding this code to the allow_execstack setroubleshoot plugin which should give us a better troubleshooting and say something like:

If you believe the APPLICATION does not need execstack and you have a libary /usr/lib/libxvid.s0 requiring it you can execute

execstack -c /usr/lib/libxvid.s0

And try the app again.

If you get the execstack violation, please try out the script until I get the new plugin pushed.