Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24117

Mongo binaries ELF stack has become executable

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Critical - P2 Critical - P2
    • 3.2.7, 3.3.6
    • Affects Version/s: 3.2.5, 3.2.6
    • Component/s: Build
    • Fully Compatible
    • ALL
    • Hide

      Always since 3.2.5

      This affect also builds from https://www.mongodb.com/download-center#community

      Tested for RHEL 7 64-bit and Amazon 64-bit.

      Show
      Always since 3.2.5 This affect also builds from https://www.mongodb.com/download-center#community Tested for RHEL 7 64-bit and Amazon 64-bit.
    • Platforms 14 (05/13/16)

      mongod, mongoperf and mongosniff has executable GNU_STACK. This is a real error. It means the program has an executable stack. This leaves the program vulnerable to buffer overflows.

      $ execstack path/to/binary

      • path/to/binary

      A - indicates the secure non-executability.

      If that shows an X or ? next to a file name, then the stack will be executable, i.e. insecure, i.e. bad. Furthermore, ? indicates a binary built with no marking at all, which is almost certainly a build error of some kind.

      You can check it by execstack program.

      [mskalick@unused-4-188 tmp]$ execstack bin/*
      - bin/bsondump
      - bin/mongo
      X bin/mongod
      - bin/mongodump
      - bin/mongoexport
      - bin/mongofiles
      - bin/mongoimport
      - bin/mongooplog
      X bin/mongoperf
      - bin/mongorestore
      - bin/mongos
      - bin/mongostat
      - bin/mongotop
      

      (I was trying to build MongoDB myself and mongosniff is also affected)

      Binaries from 3.2.4 are not affected. So this was introduced in 3.2.5.

      More info https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

            Assignee:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Reporter:
            mskalick Marek Skalický
            Votes:
            1 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: