From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: noexecstack
Date: Sun, 5 Aug 2012 18:45:01 -0400
Message-ID: <20120805224501.GM544@brightrain.aerifal.cx>
References: <20120805214624.GL544@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Sun, Aug 05, 2012 at 03:01:08PM -0700, Nathan McSween wrote:
> On Sun, Aug 5, 2012 at 2:46 PM, Rich Felker wrote:
> > On Sun, Aug 05, 2012 at 11:35:36PM +0200, Daniel Cegiełka wrote:
> >> Vasily Kulikov published a patch for nonexecutable stack for glibc in Owl.
> >>
> >> http://openwall.com/lists/owl-dev/2012/08/05/1
> >> http://openwall.com/lists/owl-dev/2012/08/05/3
> >>
> >> Should we support this in the musl?
> >
> > Yes, but there should be a way to do it without putting ugly stuff
> > like this in every single asm file. Why isn't there a command-line
> > option to the assembler to do it? Or a way to do it globally with
> > objcopy?
> >
> > Better yet, why is executable stack even still supported by Linux at
> > all?
> >
> > Rich
>
> GCC nested functions require executable stack

Yes, I'm aware...

> and consequently quite a
> few GNU / bad projects utilize this 'feature'.

I doubt they do anymore since, as far as I know, most security-hardened
kernels permanently disable executable stack even in programs that
"request" it (by failing to put a GNU-specific header not requesting
it). A while back I had to fix musl's thread stack allocation to use
PROT_READ|PROT_WRITE without PROT_EXEC because hardened kernels were
refusing to make the mapping altogether with both PROT_WRITE and
PROT_EXEC specified. So at present, executable stack is not supported
in musl anyway except in the main thread, and I'd be plenty happy to
just kill it off completely if there were a way..

Rich
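The "GNU-specific header" mentioned in this thread is the PT_GNU_STACK program header of a linked ELF file. The following is an added example, not part of the original message and not musl code, that classifies a binary by that header so a build can be audited for stack markings. The function names and the in-memory sample are constructed for illustration, and only little-endian ELF64 images are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u /* p_type value of PT_GNU_STACK */
#define PF_X_FLAG 0x1u                /* execute permission bit in p_flags */
enum stack_policy { STACK_BAD_ELF = -1, STACK_NOEXEC, STACK_EXEC, STACK_UNMARKED };

static uint64_t rd_le(const unsigned char *p, int n) { /* little-endian read */
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Classify the stack marking of a linked little-endian ELF64 image in memory. */
enum stack_policy elf64_stack_policy(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return STACK_BAD_ELF;
    uint64_t phoff = rd_le(img + 0x20, 8);      /* e_phoff */
    uint64_t phentsize = rd_le(img + 0x36, 2);  /* e_phentsize */
    uint64_t phnum = rd_le(img + 0x38, 2);      /* e_phnum */
    if (phentsize < 56 || phoff > len || phnum * phentsize > len - phoff)
        return STACK_BAD_ELF;                   /* header table outside the image */
    for (uint64_t i = 0; i < phnum; i++) {
        const unsigned char *ph = img + phoff + i * phentsize;
        if (rd_le(ph, 4) == PT_GNU_STACK_TYPE)  /* p_type, then p_flags at +4 */
            return (rd_le(ph + 4, 4) & PF_X_FLAG) ? STACK_EXEC : STACK_NOEXEC;
    }
    return STACK_UNMARKED; /* no marking: loader falls back to its per-arch default */
}

/* Constructed sample: 64-byte ELF header plus one 56-byte program header. */
size_t make_sample(unsigned char *out, uint32_t p_type, uint32_t p_flags) {
    memset(out, 0, 120);
    memcpy(out, "\x7f" "ELF\x02\x01\x01", 7);
    out[0x20] = 64; out[0x36] = 56; out[0x38] = 1; /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        out[64 + i] = (unsigned char)(p_type >> (8 * i));
        out[68 + i] = (unsigned char)(p_flags >> (8 * i));
    }
    return 120;
}

int main(void) {
    unsigned char img[120];
    size_t n = make_sample(img, PT_GNU_STACK_TYPE, 0x6); /* PF_R|PF_W */
    printf("RW marking -> %d\n", elf64_stack_policy(img, n));
    return 0;
}
```

Relocatable object files carry no program headers, so they always report STACK_UNMARKED here; the check is meaningful for linked executables and shared objects.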