Home > other >  Why does the .bss segment have no executable attribute?
Why does the .bss segment have no executable attribute?

Time:12-20

I have an ELF 32-bit executable file named orw from the pwnable.tw: enter image description here

But in my Ubuntu20 and IDA Pro, the .bss segment have no executable attributes, why? enter image description here enter image description here

CodePudding user response:

Why does the .bss segment have no executable attribute?

In a normal executable .bss should not have execute permissions, so it's the Ubuntu 18.04 result that is strange, not the other way around.

The following are all relevant here:

  • output from readelf -Wl orw
  • kernel versions
  • output from cat /proc/cpuinfo
  • emulator details (if you are using some kind of emulator).

I suspect that you are using an emulator, and it's set up to emulate pre-NX-bit processor (where the W bit implied X bit as well).

Alternatively, the executable lacks PT_GNU_STACK segment, in which case this answer is likely the correct one -- kernel defaults have changed for such binaries.

CodePudding user response:

.bss is a segment for uninitialized global variables, so It's not normally executable (it doesn't need to). If you want it executable (because you are compiling machine code that you want to be able to test) you will probably need to select a special segment or to create two segments (one executable and other read/write) overlapping to allow to write the code while you can also execute it. This can be already specified in the standard script you use to link executables (with a different name, sure) or if it has not been done for you, you can specify a linker script that allows for those to be created. Read the linker documentation (in full, sorry) to know how the linker deals with this (and other) idiosynchracies of your processor architecture.

I don't know what architecture you are using, but for example, intel processors have an execution bit permissions in the segments, as they have read and write, which means that the memory access for an executable segment must be an opcode fetch access and not a data read access to load a data register. If you want to access the text segment for data reading, then you need to add also read access to the text segment to be able to see the code you are executing.

  • Related