On Tue, Jun 23, 2020 at 10:39:26AM -0700, Christian Kujau wrote:
> Hi,
>
> exactly this[0] happened today, on a 5.6.5 kernel:
>
>    process '/usr/bin/rsync' started with executable stack
>
> But I can't reproduce this message, and rsync (v3.2.0, not exactly
> abandonware) runs several times a day, so to repeat Andrew's questions[0]
> from last year:
>
>  > What are poor users supposed to do if this message comes out?
>  > Hopefully google the message and end up at this thread. What do you
>  > want to tell them?
>
> Also, the PID is missing from that message. I had some long running rsync
> processes running earlier, maybe the RWE status would have been visible in
> /proc/$PID/map, or somewhere else maybe?
>
> Please advise? :-)
>
> Thanks,
> Christian.
>
> [0] https://lore.kernel.org/patchwork/patch/1164047/#1362722
>
>
> $ checksec --format=json --extended --file=`which rsync` | jq
> {
>   "/usr/bin/rsync": {
>     "relro": "full",
>     "canary": "yes",
>     "nx": "no",
      ^^^^^^^^^^^^^^^^^^

It is, indeed, marked executable, it seems. What distro is this?

-Kees

>     "pie": "yes",
>     "clangcfi": "no",
>     "safestack": "no",
>     "rpath": "no",
>     "runpath": "no",
>     "symbols": "no",
>     "fortify_source": "yes",
>     "fortified": "10",
>     "fortify-able": "19"
>   }
> }
>
> --
> BOFH excuse #244:
>
> Your cat tried to eat the mouse.

-- 
Kees Cook

