Bug 107124 - Consider using exploit mitigation features in standard Linux builds like ASLR (-pie) and Stack Canaries (-fstack-protector-strong)
Summary: Consider using exploit mitigation features in standard Linux builds like ASLR...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version (earliest affected): 5.3.2.2 release
Hardware: All Linux (All)
Importance: medium enhancement
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: Privacy
Reported: 2017-04-12 16:01 UTC by Hanno Boeck
Modified: 2023-10-03 14:27 UTC (History)
2 users

See Also:
Crash report or crash signature:


Attachments

Description Hanno Boeck 2017-04-12 16:01:22 UTC
The Linux download packages of LibreOffice are not compiled with common hardening flags that enable exploit mitigation features. This makes exploiting security vulnerabilities much easier.

Here's the output of the checksec[1] tool for the soffice.bin of the LibreOffice Linux x86_64 RPM download:
checksec --file ./opt/libreoffice5.3/program/soffice.bin
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH	FORTIFY	Fortified Fortifiable  FILE
No RELRO        No canary found   NX enabled    No PIE          RPATH      No RUNPATH   No	0		0	./opt/libreoffice5.3/program/soffice.bin


I'm not familiar with all those features, but most notably there's no PIE (and thus no address space layout randomization) and no stack cookies.

Stack cookies can be enabled with -fstack-protector or -fstack-protector-strong (read [2] for the difference). It is pretty common to do this these days, so I'm surprised it's not enabled here.

ASLR is randomizing the addresses of functions and data in memory; however, for it to work it needs position independent code and position independent executables, enabled with the -fpic and -pie flags. If those aren't enabled then only libraries will be randomized, but not the code from the main executable (which makes ASLR mostly pointless, because there's usually enough code to do ROP-style attacks in the main exec).

To advance LibreOffice as a secure application I think it'd be good to enable these (and maybe other) exploit mitigations. (Similar features are available on Windows, but this is probably better discussed in a separate bug.)

[1] https://github.com/slimm609/checksec.sh
[2] https://lwn.net/Articles/584225/
Comment 1 Buovjaga 2017-04-17 17:18:16 UTC
Ok -> NEW
Comment 2 Timur 2019-09-11 10:41:06 UTC
I can't say whether this is related to existing LibreOffice exploits at https://www.exploit-db.com/ but let me mention them.