From: Rich Felker <dalias@aerifal.cx>
To: musl@lists.openwall.com
Subject: Re: noexecstack
Date: Sun, 5 Aug 2012 18:45:01 -0400 [thread overview]
Message-ID: <20120805224501.GM544@brightrain.aerifal.cx> (raw)
In-Reply-To: <CAMSMCxk6KrAyWsHveY-62erJTkK0OcK1_iS_XB8bEHHrPCom2w@mail.gmail.com>
On Sun, Aug 05, 2012 at 03:01:08PM -0700, Nathan McSween wrote:
> On Sun, Aug 5, 2012 at 2:46 PM, Rich Felker <dalias@aerifal.cx> wrote:
> > On Sun, Aug 05, 2012 at 11:35:36PM +0200, Daniel Cegiełka wrote:
> >> Vasily Kulikov published a patch for nonexecutable stack for glibc in Owl.
> >>
> >> http://openwall.com/lists/owl-dev/2012/08/05/1
> >> http://openwall.com/lists/owl-dev/2012/08/05/3
> >>
> >> Should we support this in the musl?
> >
> > Yes, but there should be a way to do it without putting ugly stuff
> > like this in every single asm file. Why isn't there a command-line
> > option to the assembler to do it? Or a way to do it globally with
> > objcopy?
> >
> > Better yet, why is executable stack even still supported by Linux at
> > all?
> >
> > Rich
>
> GCC nested functions require executable stack
Yes, I'm aware...
> and consequently quite a
> few GNU / bad projects utilize this 'feature'.
I doubt they do anymore since, as far as I know, most
security-hardened kernels permanently disable executable stack even in
programs that "request" it (by failing to put a GNU-specific header
not requesting it). A while back I had to fix musl's thread stack
allocation to use PROT_READ|PROT_WRITE without PROT_EXEC because
hardened kernels were refusing to make the mapping altogether with
both PROT_WRITE and PROT_EXEC specified. So at present, executable
stack is not supported in musl anyway except in the main thread, and
I'd be plenty happy to just kill it off completely if there were a
way..
Rich
next prev parent reply other threads:[~2012-08-05 22:45 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-05 21:35 noexecstack Daniel Cegiełka
2012-08-05 21:41 ` noexecstack Anthony G. Basile
2012-08-05 21:46 ` noexecstack Rich Felker
2012-08-05 22:01 ` noexecstack Nathan McSween
2012-08-05 22:45 ` Rich Felker [this message]
2012-08-06 6:43 ` noexecstack Szabolcs Nagy
2012-08-06 9:37 ` noexecstack Rich Felker
2012-08-06 11:19 ` noexecstack Szabolcs Nagy
2012-08-06 11:32 ` noexecstack Rich Felker
2012-08-06 21:11 ` noexecstack Kant
2012-10-03 15:54 ` noexecstack Rich Felker
2012-08-06 6:45 ` noexecstack orc
2012-08-06 7:16 ` noexecstack Daniel Cegiełka
2012-08-06 7:55 ` noexecstack Justin Cormack
2012-08-06 8:05 ` noexecstack orc
2012-08-06 8:46 ` noexecstack Daniel Cegiełka
2012-08-06 9:11 ` noexecstack orc
2012-08-06 9:15 ` noexecstack orc
2012-08-07 11:57 ` noexecstack Vasily Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120805224501.GM544@brightrain.aerifal.cx \
--to=dalias@aerifal.cx \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).