mongod, mongoperf and mongosniff has executable GNU_STACK. This is a real error. It means the program has an executable stack. This leaves the program vulnerable to buffer overflows.
$ execstack path/to/binary
- path/to/binary
A - indicates the secure non-executability.
If that shows an X or ? next to a file name, then the stack will be executable, i.e. insecure, i.e. bad. Furthermore, ? indicates a binary built with no marking at all, which is almost certainly a build error of some kind.
You can check it by execstack program.
[mskalick@unused-4-188 tmp]$ execstack bin/* - bin/bsondump - bin/mongo X bin/mongod - bin/mongodump - bin/mongoexport - bin/mongofiles - bin/mongoimport - bin/mongooplog X bin/mongoperf - bin/mongorestore - bin/mongos - bin/mongostat - bin/mongotop
(I was trying to build MongoDB myself and mongosniff is also affected)
Binaries from 3.2.4 are not affected. So this was introduced in 3.2.5.
More info https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
- is depended on by
-
SERVER-23863 MongoDB v3.2.5 crash due to permission denied execmem - SELinux CentOS 7
- Closed
- is duplicated by
-
SERVER-23863 MongoDB v3.2.5 crash due to permission denied execmem - SELinux CentOS 7
- Closed
-
SERVER-24101 MongoDB needs excecution permission on ld.so.cache and locale-archive when running on SELinux
- Closed
- is related to
-
SERVER-24120 Make link warnings fatal
- Closed
- related to
-
WT-2629 Introduction of ppc64le crc32c assembly file has made the stack executable
- Closed