Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 10 Jun 2020 12:43:54 +0200
From: Norbert Lange <nolange79@...il.com>
To: Norbert Lange <nolange79@...il.com>, musl@...ts.openwall.com
Subject: Re: Mark stack as non-executable in asm

Am Mi., 10. Juni 2020 um 12:31 Uhr schrieb Szabolcs Nagy <nsz@...t70.net>:
>
> * Norbert Lange <nolange79@...il.com> [2020-06-10 11:24:04 +0200]:
> > I did borrow some assembler files to avoid having to link against
> > (any) libc. That was for building a DSO, ultimately loaded via glibc.
> > The effect was that glibc did change the protection of all stacks to
> > be executable.
> >
> > Would you consider adding the line [1]
> > .section        .note.GNU-stack, "", %progbits
> > to assembly files?
> >
> > I know this is not a musl bug, and I can easily add the lines myself.
>
> musl build system (just like other libcs i know of)
> pass -noexecstack to the assembler so if you build
> the asm files as part of libc the object files should
> have the marking, if you build outside of libc i
> think it's your responsibility to add the note
> (either to the asm or via the -Wa,-noexecstack flag)
>
> readelf -lW libfoo.so | grep GNU_STACK
>
> is one way to verify that everything has the note.

Yeah easy to do, just may take a lot time till you figure out why just
sometimes your app gets its stack remapped.
I understand your position, the aim was to safe other people such trouble.

Norbert

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.