The stack created by pthread_create in a statically linked binary has RWX protection, regardless of the binary's desired stack (via PT_GNU_STACK). The initial stack has the expected protection. See https://reviews.freebsd.org/D28050 for the discovery of this issue.

lib/libc/gen/dlfcn.c provides a weak _rtld_get_stack_prot for statically linked binaries:

    #pragma weak _rtld_get_stack_prot
    int
    _rtld_get_stack_prot(void)
    {
            return (PROT_EXEC | PROT_READ | PROT_WRITE);
    }
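The stub above ignores PT_GNU_STACK entirely, so every non-main thread in a static binary gets an executable stack. The following added example (my own code, not FreeBSD's libc or the fix in D28075) shows what a real implementation has to do: walk the executable's program headers, honour the PF_X bit of PT_GNU_STACK, and cache the result because it never changes. The helper names (stack_prot_from_phdrs, current_binary_stack_prot) and the non-executable fallback for binaries without a PT_GNU_STACK header are this example's own choices; the runtime probe of the running binary is only implemented for Linux's getauxval(), since that is the auxv accessor I can vouch for here, while the pure header-walking function is portable.

```c
/* Added example: derive thread-stack protection from PT_GNU_STACK.
 * Hypothetical helper names; this is not FreeBSD's libc code. */
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

#if UINTPTR_MAX == 0xffffffffffffffffULL
typedef Elf64_Phdr phdr_t;
#else
typedef Elf32_Phdr phdr_t;
#endif

/* Fallback when the binary carries no PT_GNU_STACK at all. This example
 * picks non-executable (an assumption); the buggy weak stub on the page
 * returned PROT_EXEC|PROT_READ|PROT_WRITE for every binary instead. */
#define STACK_PROT_DEFAULT (PROT_READ | PROT_WRITE)

/* Walk a program-header table: PT_GNU_STACK's p_flags record what the
 * linker was asked for, and PF_X is the only bit that matters here. */
int
stack_prot_from_phdrs(const phdr_t *phdr, size_t phnum)
{
	size_t i;

	for (i = 0; i < phnum; i++) {
		if (phdr[i].p_type != PT_GNU_STACK)
			continue;
		return (PROT_READ | PROT_WRITE |
		    ((phdr[i].p_flags & PF_X) ? PROT_EXEC : 0));
	}
	return (STACK_PROT_DEFAULT);
}

/* Same computation for the running executable, found via the ELF auxiliary
 * vector (AT_PHDR/AT_PHNUM). Cached without a lock: the value is idempotent,
 * so a racy duplicate computation stores the same answer. */
int
current_binary_stack_prot(void)
{
	static int cached = 0;
	const phdr_t *phdr = NULL;
	size_t phnum = 0;

	if (cached != 0)
		return (cached);
#if defined(__linux__)
	phdr = (const phdr_t *)getauxval(AT_PHDR);
	phnum = (size_t)getauxval(AT_PHNUM);
#endif
	/* Non-Linux builds of this example fall back to the default. */
	cached = (phdr != NULL && phnum != 0) ?
	    stack_prot_from_phdrs(phdr, phnum) : STACK_PROT_DEFAULT;
	return (cached);
}

/* Render a PROT_* mask as "rwx"-style text for the demo output. */
const char *
prot_string(int prot, char buf[4])
{
	buf[0] = (prot & PROT_READ) ? 'r' : '-';
	buf[1] = (prot & PROT_WRITE) ? 'w' : '-';
	buf[2] = (prot & PROT_EXEC) ? 'x' : '-';
	buf[3] = '\0';
	return (buf);
}

/* Constructed program-header tables covering the three cases. */
const phdr_t rw_stack[] = {
	{ .p_type = PT_LOAD, .p_flags = PF_R | PF_X },
	{ .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W },
};
const phdr_t rwx_stack[] = {
	{ .p_type = PT_LOAD, .p_flags = PF_R | PF_X },
	{ .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W | PF_X },
};
const phdr_t no_gnu_stack[] = {
	{ .p_type = PT_LOAD, .p_flags = PF_R | PF_X },
};

int
main(void)
{
	char buf[4];

	printf("PT_GNU_STACK rw  -> %s\n", prot_string(
	    stack_prot_from_phdrs(rw_stack, 2), buf));
	printf("PT_GNU_STACK rwx -> %s\n", prot_string(
	    stack_prot_from_phdrs(rwx_stack, 2), buf));
	printf("no PT_GNU_STACK  -> %s\n", prot_string(
	    stack_prot_from_phdrs(no_gnu_stack, 1), buf));
	printf("this executable  -> %s\n", prot_string(
	    current_binary_stack_prot(), buf));
	return (0);
}
```

A static libthr would call the equivalent of current_binary_stack_prot() when sizing and mapping a new thread's stack; the point of the bug is that the weak stub short-circuited that decision to RWX, so a binary linked with a non-executable PT_GNU_STACK still got executable thread stacks.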
https://reviews.freebsd.org/D28075
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=81b3a0a34145ee6c855f50c8035728f76d63c3f0

commit 81b3a0a34145ee6c855f50c8035728f76d63c3f0
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-01-10 03:05:42 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-01-10 06:25:43 +0000

    libc: implement rtld_get_stack_prot() for real

    which makes stack prot correct for non-main threads created by
    binaries with statically linked libthr.

    Cache result, but do not engage into the full double-checked locking,
    since calculation of the return value is idempotent.

    PR:             252549
    Reported and reviewed by:       emaste
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D28075

 lib/libc/gen/dlfcn.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)