News

NDSS 2025 – Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems

  • securityboulevard.com
  • published date: 2025-12-20 00:00:00 UTC


<p>Session 6D: Software Security: Vulnerability Detection </p><p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/Q91s02Mt_F0?si=eedj4u8G_XFIvZu8" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p></p><center data-preserve-html-node="true">Authors, Creators &amp; Presenters: Hengkai Ye (The Pennsylvania State University), Hong Hu (The Pennsylvania State University) <p></p><center data-preserve-html-node="true">PAPER<br> <center data-preserve-html-node="true">Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems <p></p><center data-preserve-html-node="true">Code injection was a favored technique for attackers to exploit buffer overflow vulnerabilities decades ago. Subsequently, the widespread adoption of lightweight solutions like write-xor-execute effectively mitigated most of these attacks by disallowing writable-and-executable memory. However, we observe multiple concerning cases where software developers accidentally disabled write-xor-execute and reintroduced executable stacks to popular applications. Although each violation has been properly fixed, a lingering question remains: what underlying factors contribute to these recurrent mistakes among developers, even in contemporary software development practices? In this paper, we conduct two investigations to gain a comprehensive understanding of the challenges associated with properly enforcing write-xor-execute in Linux systems. First, we delve into program-hardening tools to assess whether experienced security developers consistently catch the necessary steps to avoid executable stacks. 
Second, we analyze the enforcement of write-xor-execute on Linux by inspecting the source code of the compilation toolchain, the kernel, and the loader. Our investigation reveals that properly enforcing write-xor-execute on Linux requires close collaboration among multiple components. These tools form a complex chain of trust and dependency to safeguard the program stack. However, developers, including security researchers, may overlook the subtle yet essential GNU-stack section when writing assembly code for various purposes, and inadvertently introduce executable stacks. For example, 11 program-hardening tools implemented as inlined reference monitors (IRM) introduce executable stacks to all “hardened” applications. Based on these findings, we discuss potential exploitation scenarios by attackers and provide suggestions to mitigate this issue. <hr> <p></p><center data-preserve-html-node="true">ABOUT NDSS<br> <center data-preserve-html-node="true">The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. <hr> <p>Our thanks to the <a href="https://www.ndss-symposium.org/">Network and Distributed System Security (NDSS) Symposium</a> for publishing their Creators, Authors and Presenter’s superb <a href="https://www.youtube.com/@NDSSSymposium">NDSS Symposium 2025 Conference</a> content on the <a href="https://www.ndss-symposium.org/">Organizations’</a> <a href="https://youtube.com/@ndsssymposium?si=lLtn9sVVEwmZ8J9h3">YouTube Channel</a>. 
</p> <p></p></center></center></center></center></center></center></center><p><a href="https://www.infosecurity.us/blog/2025/12/20/ndss-2025-too-subtle-to-notice-investigating-executable-stack-issues-in-linux-systems">Permalink</a></p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/Q91s02Mt_F0?si=eedj4u8G_XFIvZu8">https://www.youtube-nocookie.com/embed/Q91s02Mt_F0?si=eedj4u8G_XFIvZu8</a> </p>