From: orc <orc@sibserver.ru>
To: musl@lists.openwall.com
Subject: Re: noexecstack
Date: Mon, 6 Aug 2012 17:11:47 +0800 [thread overview]
Message-ID: <20120806171147.3ee7effd@sibserver.ru> (raw)
In-Reply-To: <CAPLrYEQw=CQAqSQTyO1KjXz5ypB1GRtUp7gZoRzuxJfTaqcsHA@mail.gmail.com>
On Mon, 6 Aug 2012 10:46:56 +0200
Daniel Cegiełka <daniel.cegielka@gmail.com> wrote:
> 2012/8/6 orc <orc@sibserver.ru>:
> > On Mon, 6 Aug 2012 09:16:10 +0200
> > Daniel Cegiełka <daniel.cegielka@gmail.com> wrote:
> >
>
> >> It would be very nice if we could solve this problem in this way.
> >> I'm currently using this patch, but this is not the best solution
> >> in my opinion. Ideally if the system (kernel, binutils, libc)
> >> enforce noexecstack by default... definitely worth look closer at
> >> this issue.
> >
> > Consider this patch as enforcing binutils' noexecstack by default:
> >
> > diff -Naur binutils-2.17.50.0.17.o/ld/ldmain.c
> > binutils-2.17.50.0.17/ld/ldmain.c ---
> > binutils-2.17.50.0.17.o/ld/ldmain.c 2007-06-19
> > 01:31:40.000000000 +0800 +++ binutils-2.17.50.0.17/ld/ldmain.c
> > 2012-08-03 19:59:26.658980680 +0800 @@ -281,6 +281,8 @@
> > link_info.pei386_auto_import = -1; link_info.spare_dynamic_tags = 5;
> > link_info.sharable_sections = FALSE;
> > + link_info.execstack = FALSE;
> > + link_info.noexecstack = TRUE;
> >
> > ldfile_add_arch ("");
> > emulation = get_emulation (argc, argv);
> >
> > (this one for binutils 2.17.50.0.17, recent maybe patched with
> > finding where link_info is initialized and appending this two lines)
> >
> > GCC generates same .note.GNU-stack section definition in it's asm
> > output, as seen in your patch, but I don't know when it needs
> > executable stack and generates another definition.
>
> I'm afraid that this option will not work with .S files. Here is a
> comment to this feature:
>
> http://www.cygwin.com/ml/binutils/2003-06/msg00128.html
>
> Here is another patch:
>
> http://sourceware.org/ml/binutils/2003-05/msg00741.html
>
> it's like in the Vasily's patch with stack flags (PF_R | PF_W | PF_X):
>
> http://www.openwall.com/lists/owl-dev/2012/08/05/3
>
> Daniel
It seems that this is under GCC control (NEED_INDICATE_EXEC_STACK
macro, related subroutine in gcc/varasm.c). If .S has no .note.GNU-stack
section definition, than the produced .o file will be clean from it and
it will be task of binutils' ld to decide create executable stack
segment or not.
If you about .S files that are parts of musl, then this patch will be
enough. It is the same of -z noexecstack.
(Ideal situation here is that all the code can work with non-executable
stack and there are no such ugly extensions in ELF)
next prev parent reply other threads:[~2012-08-06 9:11 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-05 21:35 noexecstack Daniel Cegiełka
2012-08-05 21:41 ` noexecstack Anthony G. Basile
2012-08-05 21:46 ` noexecstack Rich Felker
2012-08-05 22:01 ` noexecstack Nathan McSween
2012-08-05 22:45 ` noexecstack Rich Felker
2012-08-06 6:43 ` noexecstack Szabolcs Nagy
2012-08-06 9:37 ` noexecstack Rich Felker
2012-08-06 11:19 ` noexecstack Szabolcs Nagy
2012-08-06 11:32 ` noexecstack Rich Felker
2012-08-06 21:11 ` noexecstack Kant
2012-10-03 15:54 ` noexecstack Rich Felker
2012-08-06 6:45 ` noexecstack orc
2012-08-06 7:16 ` noexecstack Daniel Cegiełka
2012-08-06 7:55 ` noexecstack Justin Cormack
2012-08-06 8:05 ` noexecstack orc
2012-08-06 8:46 ` noexecstack Daniel Cegiełka
2012-08-06 9:11 ` orc [this message]
2012-08-06 9:15 ` noexecstack orc
2012-08-07 11:57 ` noexecstack Vasily Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120806171147.3ee7effd@sibserver.ru \
--to=orc@sibserver.ru \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).