From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 17967 invoked from network); 10 Jun 2020 10:31:18 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 10 Jun 2020 10:31:18 -0000
Received: (qmail 20249 invoked by uid 550); 10 Jun 2020 10:31:14 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 20228 invoked from network); 10 Jun 2020 10:31:14 -0000
Date: Wed, 10 Jun 2020 12:31:02 +0200
From: Szabolcs Nagy <nsz@port70.net>
To: Norbert Lange <nolange79@gmail.com>
Cc: musl@lists.openwall.com
Message-ID: <20200610103102.GF871552@port70.net>
Mail-Followup-To: Norbert Lange <nolange79@gmail.com>,
	musl@lists.openwall.com
References: <CADYdroN+CxoPihWQtAR7rOM9A9cDtUr9a9RzP4SrG7d6G1gv0A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CADYdroN+CxoPihWQtAR7rOM9A9cDtUr9a9RzP4SrG7d6G1gv0A@mail.gmail.com>
Subject: Re: [musl] Mark stack as non-executable in asm

* Norbert Lange <nolange79@gmail.com> [2020-06-10 11:24:04 +0200]:
> I did borrow some assembler files to avoid having to link against
> (any) libc. That was for building a DSO, ultimately loaded via glibc.
> The effect was that glibc did change the protection of all stacks to
> be executable.
> 
> Would you consider adding the line [1]
> .section        .note.GNU-stack, "", %progbits
> to assembly files?
> 
> I know this is not a musl bug, and I can easily add the lines myself.

musl build system (just like other libcs i know of)
pass -noexecstack to the assembler so if you build
the asm files as part of libc the object files should
have the marking, if you build outside of libc i
think it's your responsibility to add the note
(either to the asm or via the -Wa,-noexecstack flag)

readelf -lW libfoo.so | grep GNU_STACK

is one way to verify that everything has the note.

> 
> regards, Norbert
> 
> [1] - https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks