ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 409456] [NEW] upstream compiled binaries built without stack flags

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Kees Cook <kees@xxxxxxxxxx>
Date: Wed, 05 Aug 2009 17:15:53 -0000
Reply-to: Bug 409456 <409456@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

In Karmic (and earlier) the following binaries are compiled without stack flags, which results in an executable stack on i386, and should be fixed[1]:
pool/restricted/n/nvidia-graphics-drivers-180/nvidia-180-libvdpau_185.18.14-0ubuntu3_i386.deb
 /usr/lib/libvdpau.so.185.18.14
 /usr/lib/libvdpau_trace.so.185.18.14
 /usr/lib/libvdpau_nvidia.so.185.18.14
pool/restricted/n/nvidia-graphics-drivers-71/nvidia-glx-71_71.86.08-0ubuntu1_i386.deb
 /usr/lib/libnvidia-tls.so.71.86.08
 /usr/lib/libGLcore.so.71.86.08
 /usr/lib/libGL.so.71.86.08
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/xorg/modules/extensions/libglx.so.71.86.08
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.71.86.08
 /usr/lib/libXvMCNVIDIA.so.71.86.08
pool/restricted/n/nvidia-graphics-drivers-173/nvidia-glx-173_173.14.16-0ubuntu1_i386.deb
 /usr/lib/libXvMCNVIDIA.so.173.14.16
 /usr/lib/libGLcore.so.173.14.16
 /usr/lib/libcuda.so.173.14.16
 /usr/lib/libGL.so.173.14.16
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/libnvidia-cfg.so.173.14.16
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/xorg/modules/extensions/libglx.so.173.14.16
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.173.14.16
 /usr/lib/libnvidia-tls.so.173.14.16
pool/restricted/n/nvidia-graphics-drivers-96/nvidia-glx-96_96.43.10-0ubuntu1_i386.deb
 /usr/bin/nvidia-xconfig
 /usr/lib/libXvMCNVIDIA.so.96.43.10
 /usr/lib/libGL.so.96.43.10
 /usr/lib/nvidia/libnvidia-cfg.so.96.43.10
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/libGLcore.so.96.43.10
 /usr/lib/xorg/modules/extensions/libglx.so.96.43.10
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.96.43.10
 /usr/lib/libnvidia-tls.so.96.43.10
pool/restricted/n/nvidia-graphics-drivers-180/nvidia-glx-180_185.18.14-0ubuntu3_i386.deb
 /usr/bin/nvidia-xconfig
 /usr/lib/libcuda.so.185.18.14
 /usr/lib/libGL.so.185.18.14
 /usr/lib/libXvMCNVIDIA.so.185.18.14
 /usr/lib/libGLcore.so.185.18.14
 /usr/lib/nvidia/libnvidia-cfg.so.185.18.14
 /usr/lib/nvidia/tls_test
 /usr/lib/nvidia/tls_test_dso.so
 /usr/lib/libnvidia-tls.so.185.18.14
 /usr/lib/xorg/modules/extensions/libglx.so.185.18.14
 /usr/lib/xorg/modules/drivers/nvidia_drv.so
 /usr/lib/tls/libnvidia-tls.so.185.18.14

These binaries should either be built correctly, or have their stack
markings forced to be disabled, using "execstack -c $target" during the
build process (though this would require a trivial MIR for the "prelink"
source package to get "execstack" for the build).

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

** Affects: nvidia-graphics-drivers-173 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: nvidia-graphics-drivers-180 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: nvidia-graphics-drivers-71 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: nvidia-graphics-drivers-96 (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: nvidia-graphics-drivers-96 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: nvidia-graphics-drivers-173 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: nvidia-graphics-drivers-180 (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

  In Karmic (and earlier) the following binaries are compiled without stack flags, which results in an executable stack on i386, and should be fixed[1]:
  pool/restricted/n/nvidia-graphics-drivers-180/nvidia-180-libvdpau_185.18.14-0ubuntu3_i386.deb
   /usr/lib/libvdpau.so.185.18.14
   /usr/lib/libvdpau_trace.so.185.18.14
   /usr/lib/libvdpau_nvidia.so.185.18.14
  pool/restricted/n/nvidia-graphics-drivers-71/nvidia-glx-71_71.86.08-0ubuntu1_i386.deb
   /usr/lib/libnvidia-tls.so.71.86.08
   /usr/lib/libGLcore.so.71.86.08
   /usr/lib/libGL.so.71.86.08
   /usr/lib/nvidia/tls_test
   /usr/lib/nvidia/tls_test_dso.so
   /usr/lib/xorg/modules/extensions/libglx.so.71.86.08
   /usr/lib/xorg/modules/drivers/nvidia_drv.so
   /usr/lib/tls/libnvidia-tls.so.71.86.08
   /usr/lib/libXvMCNVIDIA.so.71.86.08
  pool/restricted/n/nvidia-graphics-drivers-173/nvidia-glx-173_173.14.16-0ubuntu1_i386.deb
   /usr/lib/libXvMCNVIDIA.so.173.14.16
   /usr/lib/libGLcore.so.173.14.16
   /usr/lib/libcuda.so.173.14.16
   /usr/lib/libGL.so.173.14.16
   /usr/lib/nvidia/tls_test
   /usr/lib/nvidia/libnvidia-cfg.so.173.14.16
   /usr/lib/nvidia/tls_test_dso.so
   /usr/lib/xorg/modules/extensions/libglx.so.173.14.16
   /usr/lib/xorg/modules/drivers/nvidia_drv.so
   /usr/lib/tls/libnvidia-tls.so.173.14.16
   /usr/lib/libnvidia-tls.so.173.14.16
  pool/restricted/n/nvidia-graphics-drivers-96/nvidia-glx-96_96.43.10-0ubuntu1_i386.deb
   /usr/bin/nvidia-xconfig
   /usr/lib/libXvMCNVIDIA.so.96.43.10
   /usr/lib/libGL.so.96.43.10
   /usr/lib/nvidia/libnvidia-cfg.so.96.43.10
   /usr/lib/nvidia/tls_test
   /usr/lib/nvidia/tls_test_dso.so
   /usr/lib/libGLcore.so.96.43.10
   /usr/lib/xorg/modules/extensions/libglx.so.96.43.10
   /usr/lib/xorg/modules/drivers/nvidia_drv.so
   /usr/lib/tls/libnvidia-tls.so.96.43.10
   /usr/lib/libnvidia-tls.so.96.43.10
  pool/restricted/n/nvidia-graphics-drivers-180/nvidia-glx-180_185.18.14-0ubuntu3_i386.deb
   /usr/bin/nvidia-xconfig
   /usr/lib/libcuda.so.185.18.14
   /usr/lib/libGL.so.185.18.14
   /usr/lib/libXvMCNVIDIA.so.185.18.14
   /usr/lib/libGLcore.so.185.18.14
   /usr/lib/nvidia/libnvidia-cfg.so.185.18.14
   /usr/lib/nvidia/tls_test
   /usr/lib/nvidia/tls_test_dso.so
   /usr/lib/libnvidia-tls.so.185.18.14
   /usr/lib/xorg/modules/extensions/libglx.so.185.18.14
   /usr/lib/xorg/modules/drivers/nvidia_drv.so
   /usr/lib/tls/libnvidia-tls.so.185.18.14
  
  These binaries should either be built correctly, or have their stack
  markings forced to be disabled, using "execstack -c $target" during the
  build process (though this would require a trivial MIR for the "prelink"
  source package to get "execstack" for the build).
+ 
+ [1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

-- 
upstream compiled binaries built without stack flags
https://bugs.launchpad.net/bugs/409456
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to nvidia-graphics-drivers-173 in ubuntu.

Follow ups

[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Launchpad Bug Tracker, 2009-10-08
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Launchpad Bug Tracker, 2009-10-08
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Launchpad Bug Tracker, 2009-10-08
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Alberto Milone, 2009-09-25
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Alberto Milone, 2009-09-21
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Tim Frost, 2009-08-31
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Greg Grossmeier, 2009-08-28
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Alan Pope, 2009-08-28
[Bug 409456] Re: upstream compiled binaries built without stack flags
From: Bryce Harrington, 2009-08-13
[Bug 409456] [NEW] upstream compiled binaries built without stack flags
From: Kees Cook, 2009-08-05

References

[Bug 409456] [NEW] upstream compiled binaries built without stack flags
From: Kees Cook, 2009-08-05