  1. Core Server
  2. SERVER-24117

Mongo binaries ELF stack has become executable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical - P2
    • Resolution: Fixed
    • Affects Version/s: 3.2.5, 3.2.6
    • Fix Version/s: 3.2.7, 3.3.6
    • Component/s: Build
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Completed:
    • Steps To Reproduce:
      Always since 3.2.5

      This also affects builds from https://www.mongodb.com/download-center#community

      Tested for RHEL 7 64-bit and Amazon 64-bit.

    • Sprint:
      Platforms 14 (05/13/16)

      Description

      mongod, mongoperf and mongosniff have an executable GNU_STACK. This is a real error. It means the program has an executable stack. This leaves the program vulnerable to buffer overflows.

      $ execstack path/to/binary
      - path/to/binary

      A - indicates the secure non-executability.

      If that shows an X or ? next to a file name, then the stack will be executable, i.e. insecure, i.e. bad. Furthermore, ? indicates a binary built with no marking at all, which is almost certainly a build error of some kind.

      You can check it with the execstack program.

      [mskalick@unused-4-188 tmp]$ execstack bin/*
      - bin/bsondump
      - bin/mongo
      X bin/mongod
      - bin/mongodump
      - bin/mongoexport
      - bin/mongofiles
      - bin/mongoimport
      - bin/mongooplog
      X bin/mongoperf
      - bin/mongorestore
      - bin/mongos
      - bin/mongostat
      - bin/mongotop
      

      (I was trying to build MongoDB myself and mongosniff is also affected)

      Binaries from 3.2.4 are not affected. So this was introduced in 3.2.5.

      More info https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
