Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Jun 2020 12:31:02 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: Norbert Lange <nolange79@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: Mark stack as non-executable in asm

* Norbert Lange <nolange79@...il.com> [2020-06-10 11:24:04 +0200]:
> I did borrow some assembler files to avoid having to link against
> (any) libc. That was for building a DSO, ultimately loaded via glibc.
> The effect was that glibc did change the protection of all stacks to
> be executable.
> 
> Would you consider adding the line [1]
> .section        .note.GNU-stack, "", %progbits
> to assembly files?
> 
> I know this is not a musl bug, and I can easily add the lines myself.

musl build system (just like other libcs i know of)
pass -noexecstack to the assembler so if you build
the asm files as part of libc the object files should
have the marking, if you build outside of libc i
think it's your responsibility to add the note
(either to the asm or via the -Wa,-noexecstack flag)

readelf -lW libfoo.so | grep GNU_STACK

is one way to verify that everything has the note.

> 
> regards, Norbert
> 
> [1] - https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.