Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH8yC8kS6umeVJQfc8MH5LX4RzBk9rccFKu8dm1meUxPKfAefA@mail.gmail.com>
Date: Wed, 10 Jun 2020 06:39:35 -0400
From: Jeffrey Walton <noloader@...il.com>
To: musl@...ts.openwall.com, Norbert Lange <nolange79@...il.com>
Subject: Re: Mark stack as non-executable in asm

On Wed, Jun 10, 2020 at 6:31 AM Szabolcs Nagy <nsz@...t70.net> wrote:
>
> * Norbert Lange <nolange79@...il.com> [2020-06-10 11:24:04 +0200]:
> > I did borrow some assembler files to avoid having to link against
> > (any) libc. That was for building a DSO, ultimately loaded via glibc.
> > The effect was that glibc did change the protection of all stacks to
> > be executable.
> >
> > Would you consider adding the line [1]
> > .section        .note.GNU-stack, "", %progbits
> > to assembly files?
> >
> > I know this is not a musl bug, and I can easily add the lines myself.
>
> musl build system (just like other libcs i know of)
> pass -noexecstack to the assembler so if you build
> the asm files as part of libc the object files should
> have the marking, if you build outside of libc i
> think it's your responsibility to add the note
> (either to the asm or via the -Wa,-noexecstack flag)
>
> readelf -lW libfoo.so | grep GNU_STACK
>
> is one way to verify that everything has the note.

It may be worth mentioning, according to the Binutil folks, the stack
size has to be 0. A non-0 stack size means executable stacks are in
effect. In the case of non-0, I believe the loader is responsible for
loss of the nx-stack.

Jeff

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.