mailing list of musl libc
 help / color / Atom feed
* [musl] Mark stack as non-executable in asm
@ 2020-06-10  9:24 Norbert Lange
  2020-06-10 10:31 ` Szabolcs Nagy
  0 siblings, 1 reply; 4+ messages in thread
From: Norbert Lange @ 2020-06-10  9:24 UTC (permalink / raw)
  To: musl

Hello,

I did borrow some assembler files to avoid having to link against
(any) libc. That was for building a DSO, ultimately loaded via glibc.
The effect was that glibc did change the protection of all stacks to
be executable.

Would you consider adding the line [1]
.section        .note.GNU-stack, "", %progbits
to assembly files?

I know this is not a musl bug, and I can easily add the lines myself.

regards, Norbert

[1] - https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [musl] Mark stack as non-executable in asm
  2020-06-10  9:24 [musl] Mark stack as non-executable in asm Norbert Lange
@ 2020-06-10 10:31 ` Szabolcs Nagy
  2020-06-10 10:39   ` Jeffrey Walton
  2020-06-10 10:43   ` Norbert Lange
  0 siblings, 2 replies; 4+ messages in thread
From: Szabolcs Nagy @ 2020-06-10 10:31 UTC (permalink / raw)
  To: Norbert Lange; +Cc: musl

* Norbert Lange <nolange79@gmail.com> [2020-06-10 11:24:04 +0200]:
> I did borrow some assembler files to avoid having to link against
> (any) libc. That was for building a DSO, ultimately loaded via glibc.
> The effect was that glibc did change the protection of all stacks to
> be executable.
> 
> Would you consider adding the line [1]
> .section        .note.GNU-stack, "", %progbits
> to assembly files?
> 
> I know this is not a musl bug, and I can easily add the lines myself.

musl build system (just like other libcs i know of)
pass -noexecstack to the assembler so if you build
the asm files as part of libc the object files should
have the marking, if you build outside of libc i
think it's your responsibility to add the note
(either to the asm or via the -Wa,-noexecstack flag)

readelf -lW libfoo.so | grep GNU_STACK

is one way to verify that everything has the note.

> 
> regards, Norbert
> 
> [1] - https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [musl] Mark stack as non-executable in asm
  2020-06-10 10:31 ` Szabolcs Nagy
@ 2020-06-10 10:39   ` Jeffrey Walton
  2020-06-10 10:43   ` Norbert Lange
  1 sibling, 0 replies; 4+ messages in thread
From: Jeffrey Walton @ 2020-06-10 10:39 UTC (permalink / raw)
  To: musl, Norbert Lange

On Wed, Jun 10, 2020 at 6:31 AM Szabolcs Nagy <nsz@port70.net> wrote:
>
> * Norbert Lange <nolange79@gmail.com> [2020-06-10 11:24:04 +0200]:
> > I did borrow some assembler files to avoid having to link against
> > (any) libc. That was for building a DSO, ultimately loaded via glibc.
> > The effect was that glibc did change the protection of all stacks to
> > be executable.
> >
> > Would you consider adding the line [1]
> > .section        .note.GNU-stack, "", %progbits
> > to assembly files?
> >
> > I know this is not a musl bug, and I can easily add the lines myself.
>
> musl build system (just like other libcs i know of)
> pass -noexecstack to the assembler so if you build
> the asm files as part of libc the object files should
> have the marking, if you build outside of libc i
> think it's your responsibility to add the note
> (either to the asm or via the -Wa,-noexecstack flag)
>
> readelf -lW libfoo.so | grep GNU_STACK
>
> is one way to verify that everything has the note.

It may be worth mentioning, according to the Binutil folks, the stack
size has to be 0. A non-0 stack size means executable stacks are in
effect. In the case of non-0, I believe the loader is responsible for
loss of the nx-stack.

Jeff

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [musl] Mark stack as non-executable in asm
  2020-06-10 10:31 ` Szabolcs Nagy
  2020-06-10 10:39   ` Jeffrey Walton
@ 2020-06-10 10:43   ` Norbert Lange
  1 sibling, 0 replies; 4+ messages in thread
From: Norbert Lange @ 2020-06-10 10:43 UTC (permalink / raw)
  To: Norbert Lange, musl

Am Mi., 10. Juni 2020 um 12:31 Uhr schrieb Szabolcs Nagy <nsz@port70.net>:
>
> * Norbert Lange <nolange79@gmail.com> [2020-06-10 11:24:04 +0200]:
> > I did borrow some assembler files to avoid having to link against
> > (any) libc. That was for building a DSO, ultimately loaded via glibc.
> > The effect was that glibc did change the protection of all stacks to
> > be executable.
> >
> > Would you consider adding the line [1]
> > .section        .note.GNU-stack, "", %progbits
> > to assembly files?
> >
> > I know this is not a musl bug, and I can easily add the lines myself.
>
> musl build system (just like other libcs i know of)
> pass -noexecstack to the assembler so if you build
> the asm files as part of libc the object files should
> have the marking, if you build outside of libc i
> think it's your responsibility to add the note
> (either to the asm or via the -Wa,-noexecstack flag)
>
> readelf -lW libfoo.so | grep GNU_STACK
>
> is one way to verify that everything has the note.

Yeah easy to do, just may take a lot time till you figure out why just
sometimes your app gets its stack remapped.
I understand your position, the aim was to safe other people such trouble.

Norbert

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-10  9:24 [musl] Mark stack as non-executable in asm Norbert Lange
2020-06-10 10:31 ` Szabolcs Nagy
2020-06-10 10:39   ` Jeffrey Walton
2020-06-10 10:43   ` Norbert Lange

mailing list of musl libc

Archives are clonable: git clone --mirror http://inbox.vuxu.org/musl

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.musl


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git