openjdk team mailing list archive

Thread
Date

[Bug 409736] Re: needlessly executable stack markings

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Kees Cook <kees@xxxxxxxxxx>
Date: Tue, 25 Aug 2009 22:39:44 -0000
Reply-to: Bug 409736 <409736@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Similarly,
sun/security/ssl/javax/net/ssl/NewAPIs/SessionCacheSizeTests.java passes
both stock and and with non-exec-stack locally:

----------System.out:(21/1186)----------
Current cacheSize is set to: 0

Currently cached Sessions......
========================================================================
Session                                           Session-last-accessTime
========================================================================
[Session-6, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
[Session-2, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
[Session-4, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
------------------------------------------------------------------------
Session cache size changed to: 2

[Session-6, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
[Session-4, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
------------------------------------------------------------------------
Session cache size changed to: 3
[Session-6, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
[Session-4, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
[Session-8, SSL_RSA_WITH_RC4_128_MD5]       Tue Aug 25 15:36:02 PDT 2009
------------------------------------------------------------------------
Session cache size tests passed
----------System.err:(3/36)----------

JavaTest Message:  Test complete.

result: Passed. Execution successful


test result: Passed. Execution successful

-- 
needlessly executable stack markings
https://bugs.launchpad.net/bugs/409736
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in “openjdk-6” package in Ubuntu: Triaged

Bug description:
Java is marked to have an executable stack[1].  This is potentially dangerous, and is simply an oversight from one of the compiled assembly files.  Adding stack markings to the assembly solves the issue.

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

References

[Bug 409736] [NEW] needlessly executable stack markings
From: Kees Cook, 2009-08-06