SQ18101
Detected Linux executable files that declare the stack as executable, making non-executable memory mitigations less effective.
priority | CI/CD status | severity | effort | RL level | RL assessment
---|---|---|---|---|---
 | pass | high | low | None | hardening: warning (Reason: baseline mitigations missing)
About the issue
The stack is a special program segment which is writable by design, and is commonly used to store function-specific data and execution context. Granting execution privileges to the stack segment reduces application security, because it makes it possible to execute arbitrary code stored on the stack. While many modern compilers will implement a non-executable stack by default, it can be unintentionally disabled or made explicitly executable in automatically generated or misconfigured compiler options.
How to resolve the issue
- Enable the non-executable stack mitigation by passing the `-z noexecstack` option to the linker when building the executable (with GCC or Clang as the driver, this is spelled `-Wl,-z,noexecstack`).
- Check the cause before overriding it: GNU ld marks the whole output as executable-stack when any input object lacks a `.note.GNU-stack` section, which typically happens with hand-written assembly sources that omit that note.
- Verify the result with `readelf -lW <binary>`: the `GNU_STACK` program header should carry the flags `RW`, not `RWE`.
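The detection behind this check can be reproduced by reading the ELF program headers directly: the stack permission is recorded in the `PT_GNU_STACK` segment's `p_flags`, and the `PF_X` bit is what makes the stack executable. The script below is an added example, not ReversingLabs code; `build_minimal_elf64` constructs a sample ELF64 header in memory so the parser can be exercised without a real binary, and it handles both ELF32 and ELF64 layouts (the `p_flags` field sits at a different offset in each).

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that records the stack's permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def gnu_stack_flags(data: bytes):
    """Return the p_flags of the PT_GNU_STACK segment, or None if it is absent."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, little = data[4] == 2, data[5] == 1
    end = "<" if little else ">"
    if is64:  # Elf64_Ehdr: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        e_phoff, = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:     # Elf32_Ehdr: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
        e_phoff, = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags is at offset 4 in Elf64_Phdr but at offset 24 in Elf32_Phdr
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            return p_flags
    return None


def stack_is_executable(data: bytes) -> bool:
    """True when the stack is executable. A missing PT_GNU_STACK segment is
    treated as executable, matching readelf/checksec and the historical loader default."""
    flags = gnu_stack_flags(data)
    return flags is None or bool(flags & PF_X)


def check_file(path: str) -> bool:
    with open(path, "rb") as f:
        return stack_is_executable(f.read())


def build_minimal_elf64(stack_flags=None) -> bytes:
    """Constructed sample: an ELF64 header plus one optional PT_GNU_STACK program
    header (x86-64, little-endian). Not loadable; only enough structure for the parser."""
    phnum = 0 if stack_flags is None else 1
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 64 if phnum else 0,
                              0, 0, 64, 56, phnum, 64, 0, 0)
    if phnum:
        hdr += struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return hdr
```

Run `check_file("/path/to/binary")` against a real executable to get the same verdict that `readelf -lW` shows as `RWE` versus `RW` on the `GNU_STACK` line.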
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total number of packages analyzed:
- RubyGems: 174K
- NuGet: 189K
- PyPI: 403K
- NPM: 2.1M
Recommended reading
- Memory Segment - Stack Segment (SS) (External resource - DataCadamia)
- Data Execution Prevention (External resource - Microsoft)