Details
Description
mongod, mongoperf and mongosniff have an executable GNU_STACK. This is a real error. It means the program has an executable stack. This leaves the program vulnerable to buffer overflows.
$ execstack path/to/binary
- path/to/binary
A - indicates a secure, non-executable stack.
If that shows an X or ? next to a file name, then the stack will be executable, i.e. insecure, i.e. bad. Furthermore, ? indicates a binary built with no marking at all, which is almost certainly a build error of some kind.
You can check it with the execstack program.
[mskalick@unused-4-188 tmp]$ execstack bin/*
- bin/bsondump
- bin/mongo
X bin/mongod
- bin/mongodump
- bin/mongoexport
- bin/mongofiles
- bin/mongoimport
- bin/mongooplog
X bin/mongoperf
- bin/mongorestore
- bin/mongos
- bin/mongostat
- bin/mongotop
(I was trying to build MongoDB myself and mongosniff is also affected)
Binaries from 3.2.4 are not affected. So this was introduced in 3.2.5.
More info https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
Issue Links
- is depended on by
  - SERVER-23863 MongoDB v3.2.5 crash due to permission denied execmem - SELinux CentOS 7 (Closed)
- is duplicated by
  - SERVER-23863 MongoDB v3.2.5 crash due to permission denied execmem - SELinux CentOS 7 (Closed)
  - SERVER-24101 MongoDB needs excecution permission on ld.so.cache and locale-archive when running on SELinux (Closed)
- is related to
  - SERVER-24120 Make link warnings fatal (Closed)
- related to
  - WT-2629 Introduction of ppc64le crc32c assembly file has made the stack executable (Closed)