From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/1426 Path: news.gmane.org!not-for-mail From: Justin Cormack Newsgroups: gmane.linux.lib.musl.general Subject: Re: noexecstack Date: Mon, 6 Aug 2012 08:55:32 +0100 Message-ID: References: <20120806144521.565b32cc@sibserver.ru> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Trace: dough.gmane.org 1344239749 11288 80.91.229.3 (6 Aug 2012 07:55:49 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Mon, 6 Aug 2012 07:55:49 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-1427-gllmg-musl=m.gmane.org@lists.openwall.com Mon Aug 06 09:55:49 2012 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1SyIAE-0006LY-6n for gllmg-musl@plane.gmane.org; Mon, 06 Aug 2012 09:55:46 +0200 Original-Received: (qmail 27699 invoked by uid 550); 6 Aug 2012 07:55:45 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 27690 invoked from network); 6 Aug 2012 07:55:44 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=specialbusservice.com; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=8wq5/mOcPxbVb5taUlgXR2uH+h3bRQIx5TxTeBTkz5o=; b=ZHpYGLxCJV4WBGXJNO+3zmg3QnHjgmqNIb9y+6jlRw7ktGlAXN8cEG8CMZZdjFDVcc CEJhYI1OBptcHHleyPxyIicUwrfEjCA6kQuPJYvsQL2RBZ5vCg3B0gr1pcKtv/UwZJDy yoJw30OGsj9kQAdrYPsqmKPfu0YZy6TPRrRXw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding:x-gm-message-state; bh=8wq5/mOcPxbVb5taUlgXR2uH+h3bRQIx5TxTeBTkz5o=; b=V642pwP92Yxb2A8t7acujlA9KhkcTdYNcU1hvgJMtwg+bAub+RxmMjLF7n/wf5BC8k YxstWsGOQN/4w0GXT4DPNHAOdD8GdyM8MZAavKWkVIr1cOHwug4l5BoxkIx7IjMCRB2Q faH0qP90e+TO9RLj3oO3qtU4WzLX0T9VE+5aGVSYoxfRAOh8cLAO8sRISSncXxH5LkRD MFgZgiv871uiHncujsdmkRanIpSq2ShWSLdjC7KfOQ+8TkoXCtTjkt1z+8WolLH84xOw HB3ABBENd2NpmmFCvFbBz/mMEFWOzWAtjP0pVql1JQnc5cdUolZt26XxVzya0lFpEbnm koCw== In-Reply-To: X-Gm-Message-State: ALoCoQl6KgOPIFPHutmtf+/ya2RgKtlLInw4gEfOTtpusyE3ojKAMFhJTkYugFr2aOKzPvDlNZxv Xref: news.gmane.org gmane.linux.lib.musl.general:1426 Archived-At: On Mon, Aug 6, 2012 at 8:16 AM, Daniel Cegie=C5=82ka wrote: > 2012/8/6 orc : >> On Sun, 5 Aug 2012 23:35:36 +0200 > >> Correct me if I'm wrong, but this is ugly stuff. >> >> - binutils ld has -z noexecstack command line option. >> - this (GNU_STACK) is binutils-specific (tinycc, for example, does not >> generate ELFs with that section, and future direction should be on >> that plain ELFs without any gnuish extensions IMO) >> - Kernel sets executable stack by default, kernel can be patched not to >> do that (that's one line patch per architecture) > > Can you give some example of how to do it? It might be worthwhile to > introduce it into the main repository of Linux. What do you think? That seems very sane to me. CONFIG_EXEC_STACK=3Dn or something. I imagine the distros would pick it up pretty fast. (Unless it breaks Oracle or something, but at least the option is there, and it doesnt rule out any of the other options). Justin