CVE-2019-8849: SwiftNIO SSL Executable Stack

Summary

If you or any of your dependencies are running on Linux and using swift-nio-ssl 2.0.0 through 2.4.0 inclusive, please update to swift-nio-ssl 2.4.1 or later effective immediately. Note that swift-nio-ssl 2.4.1 was released with a cloaked security patch on October 4th, so it is entirely possible that you have already picked up this fix. A number of 2.4.x releases have been shipped since 2.4.1: any later release is also acceptable.

Details

swift-nio-ssl from 2.0.0 to 2.4.0 inclusive on Linux suffered from a bug where the stack of any program using it would accidentally be mapped both writable and executable. This occurred due to the linker on Linux choosing to make the stack executable if the linked output contained any assembly file that did not contain a GNU-stack section with the appropriate content. This was missed when porting the build over from BoringSSL's upstream build, which passes a linker flag to amend this issue.

This cascades into the rest of the linkage process, causing many other binaries to be mapped rwx as well, in addition to the heap. This drastically weakens the security of the process in the face of buffer overflows or other memory mismanagement.

As SwiftPM does not allow us to pass a linker flag, this is fixed by amending the source files to add this section to the assembled output when it is relevant.

All affected users should update to 2.4.1, which contains a fix. If an update is not possible, one appropriate workaround is to build your SwiftPM project with -Xlinker -z -Xlinker noexecstack as extra flags to swift build. This will correctly flag the stack as non-executable.

See also the GitHub security advisory.
