NDSS 2025 – Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems
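The study reveals why executable stack issues keep recurring in Linux systems: developer oversight, toolchain complexity, and dependencies among components together cause the security mechanism to fail.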
2025-12-20 16:0:0
Author: securityboulevard.com (view original)
Session 6D: Software Security: Vulnerability Detection
Authors, Creators & Presenters: Hengkai Ye (The Pennsylvania State University), Hong Hu (The Pennsylvania State University)
PAPER
Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems
Code injection was a favored technique for attackers to exploit buffer overflow vulnerabilities decades ago. Subsequently, the widespread adoption of lightweight solutions like write-xor-execute effectively mitigated most of these attacks by disallowing writable-and-executable memory. However, we observe multiple concerning cases where software developers accidentally disabled write-xor-execute and reintroduced executable stacks to popular applications. Although each violation has been properly fixed, a lingering question remains: what underlying factors contribute to these recurrent mistakes among developers, even in contemporary software development practices? In this paper, we conduct two investigations to gain a comprehensive understanding of the challenges associated with properly enforcing write-xor-execute in Linux systems. First, we delve into program-hardening tools to assess whether experienced security developers consistently catch the necessary steps to avoid executable stacks. Second, we analyze the enforcement of write-xor-execute on Linux by inspecting the source code of the compilation toolchain, the kernel, and the loader. Our investigation reveals that properly enforcing write-xor-execute on Linux requires close collaboration among multiple components. These tools form a complex chain of trust and dependency to safeguard the program stack. However, developers, including security researchers, may overlook the subtle yet essential GNU-stack section when writing assembly code for various purposes, and inadvertently introduce executable stacks. For example, 11 program-hardening tools implemented as inlined reference monitors (IRM) introduce executable stacks to all “hardened” applications. Based on these findings, we discuss potential exploitation scenarios by attackers and provide suggestions to mitigate this issue.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations’ YouTube Channel.
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/Q91s02Mt_F0?si=eedj4u8G_XFIvZu8
Source: https://securityboulevard.com/2025/12/ndss-2025-too-subtle-to-notice-investigating-executable-stack-issues-in-linux-systems/