Too Subtle to Notice: Investigating Executable Stack Issues in Linux Systems
Hengkai Ye
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Software Security: Vulnerability Detection
In this presentation, Hengkai Ye from Pensday delves into a surprising and persistent security vulnerability: the existence of executable stacks in modern Linux systems, despite decades of established defenses. The talk introduces a novel problem termed "**badass**" (bad assembly files), which highlights how seemingly innocuous omissions in assembly code can inadvertently re-enable code injection attack vectors. Ye’s investigation reveals that this issue is not confined to obscure legacy applications but affects widely used and open-source software, including security-critical tools.
AI review
Solid, original systems security research that surfaces a real and embarrassing blind spot in the W^X enforcement chain — the kind of finding that's obvious in retrospect but clearly required systematic effort to document at scale. The fact that 11 of 21 security-focused reference monitors were bitten by this is the killer stat that earns the talk its seat.