Executable Stack Vulnerability

[stack_executable_strace.txt](https://github.com/chimari/MaCoPiX/files/12527418/stack_executable_strace.txt)
The code currently makes the stack executable. Probably not ideal as this provides a vector for buffer overflows. I think this could get root if someone is running Xorg as root, which is still often the default. See: https://en.wikipedia.org/wiki/Stack_buffer_overflow

```
/usr/bin/make  all-recursive
make[1]: Entering directory '/remote/projects/OS/MaCoPiX'
Making all in intl
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/intl'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/intl'
Making all in m4
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/m4'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/m4'
Making all in po
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/po'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/po'
Making all in src
make[2]: Entering directory '/remote/projects/OS/MaCoPiX/src'
/usr/bin/make  all-recursive
make[3]: Entering directory '/remote/projects/OS/MaCoPiX/src'
Making all in icons
make[4]: Entering directory '/remote/projects/OS/MaCoPiX/src/icons'
make[4]: Nothing to be done for 'all'.
make[4]: Leaving directory '/remote/projects/OS/MaCoPiX/src/icons'
make[4]: Entering directory '/remote/projects/OS/MaCoPiX/src'
/bin/sh ../libtool  --tag=CC   --mode=link gcc  -g -O2    -o macopix main.o macos_getwin.o callbacks.o pixmap.o gui.o balloon.o clock.o configfile.o utils.o gtkut.o mail.o pop.o md5c.o md5ify.o nokkari.o bmp.o bmpwrite.o sockmsg.o codeconv.o unmime.o base64.o quoted-printable.o unlha.o untar.o trayicon.o alpha.o ssl.o sslmanager.o dnd.o resources.o http-client.o -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -lharfbuzz -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lglib-2.0  -lglib-2.0   macopix.res           -lX11  -lssl -lcrypto 
libtool: link: gcc -g -O2 -o macopix main.o macos_getwin.o callbacks.o pixmap.o gui.o balloon.o clock.o configfile.o utils.o gtkut.o mail.o pop.o md5c.o md5ify.o nokkari.o bmp.o bmpwrite.o sockmsg.o codeconv.o unmime.o base64.o quoted-printable.o unlha.o untar.o trayicon.o alpha.o ssl.o sslmanager.o dnd.o resources.o http-client.o macopix.res  -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -lharfbuzz -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lX11 -lssl -lcrypto
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: warning: **macopix.res: missing .note.GNU-stack section implies executable stack**
/usr/lib/gcc/x86_64-pc-linux-gnu/13/../../../../x86_64-pc-linux-gnu/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
macopix.res:(.rsrc$01+0x378): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x278): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x288): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x298): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2a8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2b8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2c8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2d8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2e8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x2f8): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x308): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x318): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x328): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x338): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x348): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x358): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
macopix.res:(.rsrc$01+0x368): dangerous relocation: R_AMD64_IMAGEBASE with __ImageBase undefined
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:575: macopix] Error 1
make[4]: Leaving directory '/remote/projects/OS/MaCoPiX/src'
make[3]: *** [Makefile:649: all-recursive] Error 1
make[3]: Leaving directory '/remote/projects/OS/MaCoPiX/src'
make[2]: *** [Makefile:486: all] Error 2
make[2]: Leaving directory '/remote/projects/OS/MaCoPiX/src'
make[1]: *** [Makefile:598: all-recursive] Error 1
make[1]: Leaving directory '/remote/projects/OS/MaCoPiX'
make: *** [Makefile:485: all] Error 2
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Executable Stack Vulnerability #8

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Executable Stack Vulnerability #8

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions