SQ18103
Detected Linux executable files that might set writable and executable permissions on the code segment, making non-executable memory mitigations less effective.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
 | pass | high | medium | None | hardening: warning. Reason: ineffective mitigations found |
About the issue
The presence of code relocations indicates that the code segment might, at some point, temporarily become both writable and executable. That violates security policies adopted by most modern Linux distributions. During the brief period in which the code segment is both writable and executable, an attacker may be able to overwrite the code with a malicious program.
How to resolve the issue
- Code relocations often appear due to inadequately written inline assembly, or when programs are not compiled with the appropriate position-independent code flag (e.g. -fPIC). In most cases, manual inspection may be required.
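One way to check a build output for this condition before packaging, as an added example that is not ReversingLabs' detection logic. It assumes the issue shows up as the standard ELF `DT_TEXTREL` dynamic entry or the `DF_TEXTREL` bit in `DT_FLAGS`, handles only 64-bit little-endian files, and uses a constructed sample image built by the hypothetical helper `build_sample_elf`.

```python
import struct
import sys

PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 22, 30
DF_TEXTREL = 0x4

def has_text_relocations(data: bytes) -> bool:
    """True if an ELF64 little-endian image declares relocations against its code."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this example handles ELF64 little-endian only")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            break  # truncated program header table
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type != PT_DYNAMIC:
            continue
        end = min(p_offset + p_filesz, len(data))
        for pos in range(p_offset, end - 15, 16):  # 16-byte Elf64_Dyn entries
            d_tag, d_val = struct.unpack_from("<qQ", data, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_TEXTREL or (d_tag == DT_FLAGS and d_val & DF_TEXTREL):
                return True
    return False

def build_sample_elf(dyn_entries):
    """Constructed test input: ELF header + one PT_DYNAMIC header + dynamic entries."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                verdict = "TEXTREL" if has_text_relocations(fh.read()) else "no TEXTREL"
            except ValueError as exc:
                verdict = f"skipped ({exc})"
        print(f"{path}: {verdict}")
```

Pass the paths of shared objects or executables as arguments; `readelf -d <file>` lists the same dynamic entries, where a match appears as `TEXTREL`.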
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total number of packages analyzed:
- RubyGems: 174K
- NuGet: 189K
- PyPI: 403K
- npm: 2.1M
Recommended reading
- Relocation in Computing (External resource - Lemp)
- Data Execution Prevention (External resource - Microsoft)