Re: [Libguestfs] [PATCH] Add a test for an executable stack in libguestfs.so
On Wed, Aug 05, 2009 at 11:45:02AM +0100, Matthew Booth wrote:
I've updated the patch. It's now in regressions, and checks
both
libguestfs.so and the guest daemon. It occurs to me that it's the
daemon that's would get an executable stack from the specific patch
I posted the other day. However, would this actually matter
specifically for the daemon?
Duh yes, you're right. I was checking the wrong executable.
$ readelf -l daemon/guestfsd
[...]
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RWE 8
So your patch *does* make the daemon stack executable.
Does it matter for the daemon? Probably yes. We should avoid
allowing code to be injected into the appliance. For example if there
was a malicious string which was passed into libguestfs from user
input, then the additional stack guards would be our last line of
defence.
Also rpmlint will give a warning about this.
NAK I'm afraid. However just hoisting those functions out so they are
not nested should make it OK. Don't forget the other two things I
raised in the original review.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top