The stack created by pthread_create in a statically linked binary has RWX protection, regardless of the binary's desired stack (via PT_GNU_STACK). Initial stack has expected protection.
See https://reviews.freebsd.org/D28050 for the discovery of this issue.
lib/libc/gen/dlfcn.c provides a weak _rtld_get_stack_prot for statically linked binaries:
#pragma weak _rtld_get_stack_prot
int _rtld_get_stack_prot(void) {
	return (PROT_EXEC | PROT_READ | PROT_WRITE);
}
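The report turns on what the binary requests through PT_GNU_STACK, so here is an added example (not code from FreeBSD or from this report) that reads that request from an ELF64 image; a thread stack in a static binary should carry no more than this protection. The name elf_stack_prot and its -1/-2 return codes are made up for the example, and it assumes a 64-bit image in native byte order.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/*
 * Added example, not FreeBSD code. Returns the PROT_* bits an in-memory ELF64
 * image (native byte order) requests for its stack, -1 if the image is
 * malformed, or -2 if it carries no PT_GNU_STACK header.
 */
int elf_stack_prot(const unsigned char *img, size_t len)
{
	Elf64_Ehdr eh;
	Elf64_Phdr ph;
	size_t i, off;

	if (len < sizeof(eh))
		return (-1);
	memcpy(&eh, img, sizeof(eh));
	if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
	    eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_phentsize != sizeof(ph))
		return (-1);
	for (i = 0; i < eh.e_phnum; i++) {
		off = eh.e_phoff + i * sizeof(ph);
		if (eh.e_phoff > len || off > len - sizeof(ph))
			return (-1);	/* header table runs past the buffer */
		memcpy(&ph, img + off, sizeof(ph));
		if (ph.p_type == PT_GNU_STACK)	/* stacks are always RW; PF_X adds exec */
			return (PROT_READ | PROT_WRITE |
			    ((ph.p_flags & PF_X) != 0 ? PROT_EXEC : 0));
	}
	return (-2);
}

int main(int argc, char **argv)
{
	static unsigned char buf[1 << 16];	/* program headers sit near the start */
	FILE *f = fopen(argc > 1 ? argv[1] : argv[0], "rb");
	int prot;

	if (f == NULL)
		return (1);
	prot = elf_stack_prot(buf, fread(buf, 1, sizeof(buf), f));
	fclose(f);
	printf("PT_GNU_STACK: %s\n", prot < 0 ? "absent or unreadable" :
	    (prot & PROT_EXEC) != 0 ? "RWX requested" : "RW requested");
	return (0);
}
```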
A commit in branch main references this bug:

Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-01-10 03:05:42 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-01-10 06:25:43 +0000

libc: implement rtld_get_stack_prot() for real

which makes stack prot correct for non-main threads created by binaries
with statically linked libthr.

Cache result, but do not engage into the full double-checked locking,
since calculation of the return value is idempotent.

Reported and reviewed by: emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28075

lib/libc/gen/dlfcn.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)