  1. Core Server
  2. SERVER-24117

Mongo binaries ELF stack has become executable


Details

    • Bug
    • Status: Closed
    • Critical - P2
    • Resolution: Fixed
    • 3.2.5, 3.2.6
    • 3.2.7, 3.3.6
    • Build
    • Fully Compatible
    • ALL
    • Always since 3.2.5

      This also affects builds from https://www.mongodb.com/download-center#community

      Tested for RHEL 7 64-bit and Amazon 64-bit.
    • Platforms 14 (05/13/16)

    Description

      mongod, mongoperf and mongosniff have an executable GNU_STACK. This is a real error. It means the program has an executable stack. This leaves the program vulnerable to buffer overflows.

      $ execstack path/to/binary
      - path/to/binary

      A - indicates the secure non-executability.

      If that shows an X or ? next to a file name, then the stack will be executable, i.e. insecure, i.e. bad. Furthermore, ? indicates a binary built with no marking at all, which is almost certainly a build error of some kind.

      You can check it with the execstack program.

      [mskalick@unused-4-188 tmp]$ execstack bin/*
      - bin/bsondump
      - bin/mongo
      X bin/mongod
      - bin/mongodump
      - bin/mongoexport
      - bin/mongofiles
      - bin/mongoimport
      - bin/mongooplog
      X bin/mongoperf
      - bin/mongorestore
      - bin/mongos
      - bin/mongostat
      - bin/mongotop
      

      (I was trying to build MongoDB myself and mongosniff is also affected)

      Binaries from 3.2.4 are not affected. So this was introduced in 3.2.5.

      More info https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

            People

              andrew.morrow@mongodb.com Andrew Morrow (Inactive)
              mskalick Marek Skalický