Source: qtwebengine-opensource-src Severity: normal The libQt5WebEngineCore.so shared object requests an executable stack from the loader. You can see this using "readelf -l" and inspecting the GNU_STACK program header. All programs linked against this library also get an executable stack whether or not they need or want it. Affected programs include several that parse hostile input from the internet, such as KMail, Akregator, qutebrowser, and Akonadi. Other Qt and KDE applications are also affected.
You can see the executable stack in affected programs by looking in their /proc/PID/maps while they're running. This isn't a security vulnerability in itself, but an executable stack makes vulnerabilities in all these applications much easier to exploit. Fortunately there's no need for an executable stack in QtWebEngine. It only arises due to a compilation misconfiguration: A handful of object files fail to use .note.GNU-stack to opt out an executable stack. https://www.airs.com/blog/archives/518 I've attached a list of the offending object files. Each is an assembly file, and all but one belong to BoringSSL. Either each of these each need to be assembled with an empty .note.GNU-stack section, or the "-z noexecstack" option needs to be supplied at link time.
./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aes128gcmsiv-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/chacha-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/x25519-asm-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/x86_64-mont5.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/sha256-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/x86_64-mont.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/vpaes-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/sha1-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/rdrand-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/sha512-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/p256-x86_64-asm.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/md5-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/rsaz-avx2.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/ghash-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aesni-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/bsaes-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aesni-gcm-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/aes-x86_64.o ./src/core/release/host/obj/third_party/boringssl/boringssl_asm/chacha20_poly1305_x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/x25519-asm-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/x86_64-mont5.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/vpaes-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/sha1-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/x86_64-mont.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/sha512-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/rdrand-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/sha256-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/p256-x86_64-asm.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/aesni-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/rsaz-avx2.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/md5-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/bsaes-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/ghash-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/aesni-gcm-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/aes-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/chacha20_poly1305_x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/chacha-x86_64.o ./src/core/release/obj/third_party/boringssl/boringssl_asm/aes128gcmsiv-x86_64.o ./src/core/release/obj/third_party/WebKit/Source/platform/heap/asm/asm/SaveRegisters_x86.o