Date: Tue, 7 Aug 2012 15:57:59 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: musl@...ts.openwall.com
Subject: Re: noexecstack

Hi,

On Mon, Aug 06, 2012 at 14:45 +0800, orc wrote:
> - this (GNU_STACK) is binutils-specific (tinycc, for example, does not
>   generate ELFs with that section, and future direction should be on
>   that plain ELFs without any gnuish extensions IMO)

I haven't seen any specs for GNU_STACK, but it is used by the Linux kernel,
so it is a de facto standard in Linux.

> - Kernel sets executable stack by default, kernel can be patched not to
>   do that (that's a one-line patch per architecture)

This "default" is a case of absent GNU_STACK in the executable.  This
case is fully handled in my patch.  It will not be present in the
upstream kernel, though.

> - binutils can be patched to not produce ELFs with executable stack by
>   default

As with kernel defaults, upstream binutils is WONTFIX.  Use hardened
kernel/toolchain or set -z,noexecstack (the latter is better unless you
use nested functions or something).

Thanks,

-- 
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments
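
An added example, not part of the original message or of any project's code: a Python check that reads an ELF image's program headers and reports whether GNU_STACK is present and whether it asks for an executable stack, so the "absent" case discussed above can be told apart from an explicit setting. The names `stack_policy` and `make_elf64` are hypothetical, and the sample images are constructed in the script.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_policy(image: bytes) -> str:
    """Return 'noexec', 'exec', or 'absent' (no GNU_STACK header at all,
    the "default" case discussed in the message above)."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] not in (1, 2) or image[5] not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    end = "<" if image[5] == 1 else ">"
    if image[4] == 2:    # ELF64: e_phoff at 0x20, p_flags right after p_type
        if len(image) < 64:
            raise ValueError("truncated ELF64 header")
        (e_phoff,) = struct.unpack_from(end + "Q", image, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 0x36)
        flags_off = 4
    else:                # ELF32: e_phoff at 0x1C, p_flags is the 7th word
        (e_phoff,) = struct.unpack_from(end + "I", image, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 0x2A)
        flags_off = 24
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + flags_off + 4 > len(image):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(end + "I", image, off)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", image, off + flags_off)
            return "exec" if p_flags & PF_X else "noexec"
    return "absent"

def make_elf64(phdrs):
    """Constructed sample: minimal little-endian ELF64 header followed by
    program headers given as (p_type, p_flags) pairs. Not a loadable binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                               64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                           for t, f in phdrs)

if __name__ == "__main__":
    for path in sys.argv[1:]:   # audit real files given on the command line
        with open(path, "rb") as fh:
            print(path, stack_policy(fh.read()))
```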
