
I have a little question about a "segmentation fault" issue, but I can't find any answer.

I can deactivate the stack protection at gcc compilation, with the options `[-fno-stack-protector] -z execstack`:

GNU_STACK 0x0000000000000000  **RWE**    10
-->
GNU_STACK 0x0000000000000000  **RW**     10

But: For me, the .data section is not in the GNU_STACK segment! (Am I wrong?)

So, I don't understand why in one case I can execute a shellcode which is in the .data section, and I can't in another!

If it can help:

    JC@ubuntu:~$ cat testShellcode2.c

    char bytecode[] = "\x48\x31\xc0\x48\x31\xff\x48\x31\xf6\x48\x31\xd2\x52\xeb\x15\x48\x8b\x3c\x24\x48\x89\xe6\xb0\x3b\x0f\x05\x48\x31\xc0\x48\x31\xff\xb0\x3c\x0f\x05\xe8\xe6\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";

    int main(){
        int (*ret)() ;
        ret = (int(*)()) bytecode;
        ret();
    }


    JC@ubuntu:~$ cp testShellcode2.c testShellcode3.c
    JC@ubuntu:~$ gcc -fno-stack-protector -z execstack testShellcode2.c -o testShellcode2
    JC@ubuntu:~$ gcc testShellcode3.c -o testShellcode3
    JC@ubuntu:~$ ./testShellcode2
    $ exit
    JC@ubuntu:~$ ./testShellcode3
    Segmentation fault (core dumped)
    JC@ubuntu:~$ readelf -a testShellcode2 > elf2
    JC@ubuntu:~$ readelf -a testShellcode3 > elf3
    JC@ubuntu:~$ diff elf2 elf3
                      0x0000000000000000 0x0000000000000000  RWE    10
                      0x0000000000000000 0x0000000000000000  RW     10

Brian Tompsett - 汤莱恩
JohnCage

1 Answer


This is actually an interesting question, and a detailed answer is provided here.

The short story is that on older ix86 processors, any readable memory was also executable, and the Linux kernel gives you that behavior when it detects that your executable "doesn't want modern security protections".

Employed Russian

That is indeed a very Linux-specific behaviour. On FreeBSD having executable stack does not affect the default memory protection and `.data` remains non-executable. – Hristo Iliev Mar 30 '15 at 14:16
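
An added example, not code from the question, the answer, or the linked write-up: a small C checker that reads the `GNU_STACK` program header flags the question compares (`RWE` vs `RW`) straight from an ELF64 little-endian image, so a build or audit step can flag binaries that request an executable stack. The function names and the in-memory sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK 0x6474e551u  /* the entry readelf prints as GNU_STACK */
#define PF_X 1u                   /* the "E" in RWE */
enum { BAD_ELF = -1, NO_GNU_STACK = -2 };

static uint64_t rd(const uint8_t *p, int n) {  /* little-endian read of n bytes */
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Returns the R/W/E bits of PT_GNU_STACK, NO_GNU_STACK if the header is
 * absent, or BAD_ELF if the image is not a well-formed ELF64 LE file. */
int gnu_stack_flags(const uint8_t *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return BAD_ELF;                        /* need ELFCLASS64 + ELFDATA2LSB */
    uint64_t phoff = rd(img + 32, 8);          /* e_phoff */
    uint64_t phentsize = rd(img + 54, 2), phnum = rd(img + 56, 2);
    if (phoff > len || phentsize < 56) return BAD_ELF;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off > len || len - off < 56) return BAD_ELF;  /* truncated table */
        if (rd(img + off, 4) == PT_GNU_STACK)              /* p_type */
            return (int)(rd(img + off + 4, 4) & 7);        /* p_flags */
    }
    return NO_GNU_STACK;
}

/* Constructed sample: 64-byte ELF64 header plus one PT_GNU_STACK entry. */
size_t make_sample(uint8_t *buf, uint32_t flags) {
    memset(buf, 0, 120);
    memcpy(buf, "\x7f" "ELF\x02\x01\x01", 7);
    buf[32] = 64; buf[54] = 56; buf[56] = 1;   /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        buf[64 + i] = (uint8_t)(PT_GNU_STACK >> (8 * i));
        buf[68 + i] = (uint8_t)(flags >> (8 * i));
    }
    return 120;
}

int main(void) {
    uint8_t img[120];
    int f = gnu_stack_flags(img, make_sample(img, 7));  /* 7 = RWE */
    printf("GNU_STACK flags: %d (%s)\n", f, f < 0 ? "no usable GNU_STACK header"
           : (f & PF_X) ? "E set: executable stack requested" : "E clear");
    return 0;
}
```

To check a real binary, read the file into a buffer and pass it to `gnu_stack_flags`; a result with the `E` bit set corresponds to the `RWE` line in the `readelf` output above.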