From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/1429 Path: news.gmane.org!not-for-mail From: orc Newsgroups: gmane.linux.lib.musl.general Subject: Re: noexecstack Date: Mon, 6 Aug 2012 17:11:47 +0800 Message-ID: <20120806171147.3ee7effd@sibserver.ru> References: <20120806144521.565b32cc@sibserver.ru> <20120806160532.78e11db5@sibserver.ru> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1344244429 14896 80.91.229.3 (6 Aug 2012 09:13:49 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 6 Aug 2012 09:13:49 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-1430-gllmg-musl=m.gmane.org@lists.openwall.com Mon Aug 06 11:13:50 2012 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1SyJNm-0005oj-08 for gllmg-musl@plane.gmane.org; Mon, 06 Aug 2012 11:13:50 +0200 Original-Received: (qmail 28402 invoked by uid 550); 6 Aug 2012 09:13:49 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 28379 invoked from network); 6 Aug 2012 09:13:44 -0000 In-Reply-To: X-Mailer: claws-mail Xref: news.gmane.org gmane.linux.lib.musl.general:1429 Archived-At: On Mon, 6 Aug 2012 10:46:56 +0200 Daniel Cegie=C5=82ka wrote: > 2012/8/6 orc : > > On Mon, 6 Aug 2012 09:16:10 +0200 > > Daniel Cegie=C5=82ka wrote: > > >=20 > >> It would be very nice if we could solve this problem in this way. > >> I'm currently using this patch, but this is not the best solution > >> in my opinion. Ideally if the system (kernel, binutils, libc) > >> enforce noexecstack by default... definitely worth look closer at > >> this issue. > > > > Consider this patch as enforcing binutils' noexecstack by default: > > > > diff -Naur binutils-2.17.50.0.17.o/ld/ldmain.c > > binutils-2.17.50.0.17/ld/ldmain.c --- > > binutils-2.17.50.0.17.o/ld/ldmain.c 2007-06-19 > > 01:31:40.000000000 +0800 +++ binutils-2.17.50.0.17/ld/ldmain.c > > 2012-08-03 19:59:26.658980680 +0800 @@ -281,6 +281,8 @@ > > link_info.pei386_auto_import =3D -1; link_info.spare_dynamic_tags =3D 5; > > link_info.sharable_sections =3D FALSE; > > + link_info.execstack =3D FALSE; > > + link_info.noexecstack =3D TRUE; > > > > ldfile_add_arch (""); > > emulation =3D get_emulation (argc, argv); > > > > (this one for binutils 2.17.50.0.17, recent maybe patched with > > finding where link_info is initialized and appending this two lines) > > > > GCC generates same .note.GNU-stack section definition in it's asm > > output, as seen in your patch, but I don't know when it needs > > executable stack and generates another definition. >=20 > I'm afraid that this option will not work with .S files. Here is a > comment to this feature: >=20 > http://www.cygwin.com/ml/binutils/2003-06/msg00128.html >=20 > Here is another patch: >=20 > http://sourceware.org/ml/binutils/2003-05/msg00741.html >=20 > it's like in the Vasily's patch with stack flags (PF_R | PF_W | PF_X): >=20 > http://www.openwall.com/lists/owl-dev/2012/08/05/3 >=20 > Daniel It seems that this is under GCC control (NEED_INDICATE_EXEC_STACK macro, related subroutine in gcc/varasm.c). If .S has no .note.GNU-stack section definition, than the produced .o file will be clean from it and it will be task of binutils' ld to decide create executable stack segment or not. If you about .S files that are parts of musl, then this patch will be enough. It is the same of -z noexecstack. (Ideal situation here is that all the code can work with non-executable stack and there are no such ugly extensions in ELF)