Session 6D: Software Security: Vulnerability Detection
Authors, Creators & Presenters: Hengkai Ye (The Pennsylvania State University), Hong Hu (The Pennsylvania State University)
PAPER
Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems
Code injection was a favored technique for attackers to exploit buffer overflow vulnerabilities decades ago. Subsequently, the widespread adoption of lightweight solutions like write-xor-execute write-xor-execute effectively mitigated most of these attacks by disallowing writable-and-executable memory. However, we observe multiple concerning cases where software developers accidentally disabled write-xor-execute and reintroduced executable stacks to popular applications. Although each violation has been properly fixed, a lingering question remains: what underlying factors contribute to these recurrent mistakes among developers, even in contemporary software development practices? In this paper, we conduct two investigations to gain a comprehensive understanding of the challenges associated with properly enforcing write-xor-execute in Linux systems. First, we delve into program-hardening tools to assess whether experienced security developers consistently catch the necessary steps to avoid executable stacks. Second, we analyze the enforcement of write-xor-execute on Linux by inspecting the source code of the compilation toolchain, the kernel, and the loader. Our investigation reveals that properly enforcing write-xor-execute on Linux requires close collaboration among multiple components. These tools form a complex chain of trust and dependency to safeguard the program stack. However, developers, including security researchers, may overlook the subtle yet essential GNU-stack section when writing assembly code for various purposes, and inadvertently introduce executable stacks. For example, 11 program-hardening tools implemented as inlined reference monitors (IRM) introduce executable stacks to all "hardened" applications. Based on these findings, we discuss potential exploitation scenarios by attackers and provide suggestions to mitigate this issue.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems appeared first on Security Boulevard.
Marc Handelman
Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/12/ndss-2025-too-subtle-to-notice-investigating-executable-stack-issues-in-linux-systems/