Bug 196110 - [patch] procstat shows wrong stack nx information in ELF auxv mode
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: CURRENT
Hardware: amd64 Any
Importance: --- Affects Many People
Assignee: Allan Jude
Reported: 2014-12-18 20:57 UTC by J. Pernfuß
Modified: 2017-03-25 19:07 UTC

Attachments
Patch for procstat_auxv.c (526 bytes, patch)
2014-12-18 20:57 UTC, J. Pernfuß
Updated patch for after r287486 (libxo) (675 bytes, patch)
2015-09-05 20:17 UTC, J. Pernfuß

Description J. Pernfuß 2014-12-18 20:57:35 UTC
Created attachment 150736
Patch for procstat_auxv.c

The ELF auxiliary vector displayed by `procstat -x` contains
information about whether or not the stack for that process is
executable or not.

This information is currently reversed, showing executable
when nxstack is enabled. It can be reproduced quite easily:

# sysctl kern.elf64.nxstack
kern.elf64.nxstack: 1
# procstat -x $$ | grep AT_STACKPROT
 1471 csh              AT_STACKPROT     EXECUTABLE

After disabling nxstack, new processes show nonexecutable.

# sysctl kern.elf64.nxstack=0
kern.elf64.nxstack: 1 -> 0
# sh -c 'procstat -x $$ | grep AT_STACKPROT'
 1477 sh               AT_STACKPROT     NONEXECUTABLE


Looking at the procstat code, the displayed string labels are
reversed for the check. The bitwise and will return !0 if the
executable bit is set.

      if ((auxv[i].a_un.a_val & VM_PROT_EXECUTE) != 0)
        PRINT(AT_STACKPROT, %s, "NONEXECUTABLE");
      else
        PRINT(AT_STACKPROT, %s, "EXECUTABLE");
      break;

Attached is a simple patch to switch the labels.
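
Added example, not part of the report or of procstat's source: a stand-alone C version of the AT_STACKPROT check with the labels the right way round, next to the mapping quoted above. The EX_-prefixed constants and struct are local stand-ins assumed to mirror FreeBSD's AT_* and VM_PROT_* values, and the three vectors are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins (assumed to match FreeBSD's headers) so this builds anywhere. */
#define EX_AT_NULL         0     /* end of vector */
#define EX_AT_PAGESZ       6     /* filler entry for the sample vectors */
#define EX_AT_STACKPROT    23    /* initial stack protection */
#define EX_VM_PROT_EXECUTE 0x04  /* read is 0x01, write is 0x02 */

struct ex_auxv { uint64_t a_type; uint64_t a_val; };

/* Corrected mapping: execute bit set means the stack is executable. */
static const char *stackprot_label(uint64_t prot)
{
    return (prot & EX_VM_PROT_EXECUTE) != 0 ? "EXECUTABLE" : "NONEXECUTABLE";
}

/* Mapping as quoted in the report (labels swapped), kept for comparison. */
static const char *stackprot_label_reported(uint64_t prot)
{
    return (prot & EX_VM_PROT_EXECUTE) != 0 ? "NONEXECUTABLE" : "EXECUTABLE";
}

/* Walk an AT_NULL-terminated vector; NULL when AT_STACKPROT is absent. */
static const char *auxv_stack_label(const struct ex_auxv *v, size_t max)
{
    for (size_t i = 0; i < max && v[i].a_type != EX_AT_NULL; i++)
        if (v[i].a_type == EX_AT_STACKPROT)
            return stackprot_label(v[i].a_val);
    return NULL;
}

/* Constructed vectors: nxstack=1 gives rw- (0x03), nxstack=0 gives rwx (0x07). */
static const struct ex_auxv nx_on[] = {
    {EX_AT_PAGESZ, 4096}, {EX_AT_STACKPROT, 0x03}, {EX_AT_NULL, 0} };
static const struct ex_auxv nx_off[] = {
    {EX_AT_PAGESZ, 4096}, {EX_AT_STACKPROT, 0x07}, {EX_AT_NULL, 0} };
static const struct ex_auxv no_entry[] = {
    {EX_AT_PAGESZ, 4096}, {EX_AT_NULL, 0} };

int main(void)
{
    const char *missing = auxv_stack_label(no_entry, 2);
    printf("nxstack=1: %s (reported code printed %s)\n",
        auxv_stack_label(nx_on, 3), stackprot_label_reported(0x03));
    printf("nxstack=0: %s (reported code printed %s)\n",
        auxv_stack_label(nx_off, 3), stackprot_label_reported(0x07));
    printf("no AT_STACKPROT entry: %s\n", missing ? missing : "(absent)");
    return 0;
}
```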
Comment 1 J. Pernfuß 2015-09-05 20:17:09 UTC
Created attachment 160749
Updated patch for after r287486 (libxo)

Updated the patch for after r287486.
Comment 2 commit-hook freebsd_committer 2015-09-06 17:47:56 UTC
A commit references this bug:

Author: allanjude
Date: Sun Sep  6 17:47:04 UTC 2015
New revision: 287509
URL: https://svnweb.freebsd.org/changeset/base/287509

Log:
  Fix inverted output re: stack protection no-execute flag in procstat(1)

  PR:		196110
  Submitted by:	Joerg Pernfuss <code.jpe@gmail.com>
  Approved by:	bapt (mentor)
  MFC after:	2 weeks
  Differential Revision:	https://reviews.freebsd.org/D3576

Changes:
  head/usr.bin/procstat/procstat_auxv.c
Comment 3 Fabian Keil 2017-03-25 19:07:13 UTC
Looks like the MFC to stable/10 didn't happen (yet).

It seems to require the pre-libxo version of the patch and thus a direct commit anyway.