Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Executable Stack Vulnerability #8

Open
RlckAstley opened this issue Sep 5, 2023 · 1 comment
Open

Executable Stack Vulnerability #8

RlckAstley opened this issue Sep 5, 2023 · 1 comment

Comments

@RlckAstley
Copy link

RlckAstley commented Sep 5, 2023
edited
Loading

stack_executable_strace.txt
The code currently makes the stack executable. Probably not ideal as this provides a vector for buffer overflows. I think this could get root if someone is running Xorg as root, which is still often the default. See: https://en.wikipedia.org/wiki/Stack_buffer_overflow

/usr/bin/make  all-recursive
make[1]: Entering directory '/remote/projects/OS/MaCoPiX'
Making all in intl
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/intl'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/intl'
Making all in m4
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/m4'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/m4'
Making all in po
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/po'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/po'
Making all in src
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/src'
/usr/bin/make  all-recursive
make[3]: Entering directory '/remote/projects/OS/MaCoPiX/src'
Making all in icons
make[4]: Entering directory '/remote/projects/OS/MaCoPiX/src/icons'
make[4]: Nothing to be done for 'all'.
make[4]: Leaving directory '/remote/projects/OS/MaCoPiX/src/icons'
make[4]: Entering directory '/remote/projects/OS/MaCoPiX/src'
/bin/sh ../libtool  --tag=CC   --mode=link gcc  -g -O2    -o macopix main.o macos_getwin.o callbacks.o pixmap.o gui.o balloon.o clock.o configfile.o utils.o gtkut.o mail.o pop.o md5c.o md5ify.o nokkari.o bmp.o bmpwrite.o sockmsg.o codeconv.o unmime.o base64.o quoted-printable.o unlha.o untar.o trayicon.o alpha.o ssl.o sslmanager.o dnd.o resources.o http-client.o -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -lharfbuzz -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lglib-2.0  -lglib-2.0   macopix.res           -lX11  -lssl -lcrypto 
libtool: link: gcc -g -O2 -o macopix main.o macos_getwin.o callbacks.o pixmap.o gui.o balloon.o clock.o configfile.o utils.o gtkut.o mail.o pop.o md5c.o md5ify.o nokkari.o bmp.o bmpwrite.o sockmsg.o codeconv.o unmime.o base64.o quoted-printable.o unlha.o untar.o trayicon.o alpha.o ssl.o sslmanager.o dnd.o resources.o http-client.o macopix.res  -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -lharfbuzz -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lX11 -lssl -lcrypto
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: warning: **macopix.res: missing .note.GNU-stack section implies executable stack**
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
macopix.res:(.rsrc$01+0x378): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x278): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x288): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x298): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2a8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2b8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2c8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2d8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2e8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2f8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x308): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x318): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x328): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x338): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x348): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x358): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x368): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:575: macopix] Error 1
make[4]: Leaving directory '/remote/projects/OS/MaCoPiX/src'
make[3]: *** [Makefile:649: all-recursive] Error 1
make[3]: Leaving directory '/remote/projects/OS/MaCoPiX/src'
make[2]: *** [Makefile:486: all] Error 2
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/src'
make[1]: *** [Makefile:598: all-recursive] Error 1
make[1]: Leaving directory '/remote/projects/OS/MaCoPiX'
make: *** [Makefile:485: all] Error 2
@RlckAstley
Copy link
Author

Not sure if what I'm claiming is true. Also, noobing it as I think I'm lacking some depens, let me fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RlckAstley