Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24117

Mongo binaries ELF stack has become executable

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical - P2
    • Resolution: Fixed
    • 3.2.5, 3.2.6
    • 3.2.7, 3.3.6
    • Build
    • Fully Compatible
    • ALL
    • Hide

      Always since 3.2.5

      This affect also builds from https://www.mongodb.com/download-center#community

      Tested for RHEL 7 64-bit and Amazon 64-bit.

      Show
      Always since 3.2.5 This affect also builds from https://www.mongodb.com/download-center#community Tested for RHEL 7 64-bit and Amazon 64-bit.
    • Platforms 14 (05/13/16)

    Description

      mongod, mongoperf and mongosniff has executable GNU_STACK. This is a real error. It means the program has an executable stack. This leaves the program vulnerable to buffer overflows.

      $ execstack path/to/binary

      • path/to/binary

      A - indicates the secure non-executability.

      If that shows an X or ? next to a file name, then the stack will be executable, i.e. insecure, i.e. bad. Furthermore, ? indicates a binary built with no marking at all, which is almost certainly a build error of some kind.

      You can check it by execstack program.

      [mskalick@unused-4-188 tmp]$ execstack bin/*
      		 
      - bin/bsondump
      		 
      - bin/mongo
      		 
      X bin/mongod
      		 
      - bin/mongodump
      		 
      - bin/mongoexport
      		 
      - bin/mongofiles
      		 
      - bin/mongoimport
      		 
      - bin/mongooplog
      		 
      X bin/mongoperf
      		 
      - bin/mongorestore
      		 
      - bin/mongos
      		 
      - bin/mongostat
      		 
      - bin/mongotop

      (I was trying to build MongoDB myself and mongosniff is also affected)

      Binaries from 3.2.4 are not affected. So this was introduced in 3.2.5.

      More info https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

      Attachments

        Issue Links

          is depended on by

          Bug - A problem which impairs or prevents the functions of the product. SERVER-23863 MongoDB v3.2.5 crash due to permission denied execmem - SELinux CentOS 7

          • Major - P3 - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SERVER-23863 MongoDB v3.2.5 crash due to permission denied execmem - SELinux CentOS 7

          • Major - P3 - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. SERVER-24101 MongoDB needs excecution permission on ld.so.cache and locale-archive when running on SELinux

          • Major - P3 - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-24120 Make link warnings fatal

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Bug - A problem which impairs or prevents the functions of the product. WT-2629 Introduction of ppc64le crc32c assembly file has made the stack executable

          • Critical - P2 - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              andrew.morrow@mongodb.com Andrew Morrow (Inactive)
              mskalick Marek Skalický
              Votes:
              1 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: