wishlist: make stack non-executable

Sat Apr 15 17:11:02 CEST 2006

Hello,

I'm told that some security conscious linux kernels refuse to enable
the execute bit on memory sections that hold the stack.  Out-of-the-box
GMP produces libraries that request an executable stack.

The fix is simple: the assembler needs to use a command-line option so
that it doesn't request an executable stack.  Sheplyakov Alexei
provided a patch that Debian has been using since 13 Oct 2005.

The patch appends -Wa,--noexecstack switch to assembler command-line
(of course, it checks if such a option is supported), thus, the
library gets proper (RW) PT_GNU_STACK marker.

I attach here the diffs against version 4.2.  It would be very
convenient for me if this could be applied to the upcoming 4.2.1.
As I say, Debian has been using the patch without trouble for
several months on 10 or so architectures so I believe it to
be stable.


Thanks,
-Steve

P.S.

The original bug report is here:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323944

Some information about PT_GNU_STACK thing can be found here:
  http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
  https://www.redhat.com/archives/fedora-devel-list/2005-March/msg00460.html
  http://lists.gnu.org/archive/html/axiom-developer/2003-11/msg00165.html

-------------- next part --------------
Index: acinclude.m4
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/acinclude.m4,v
retrieving revision 1.3
diff -u -b -B -r1.3 acinclude.m4

--- acinclude.m4	14 Apr 2006 22:48:55 -0000	1.3
+++ acinclude.m4	15 Apr 2006 06:11:48 -0000
@@ -1613,6 +1613,34 @@
 ])
 
 
+dnl Checks whether the stack can be marked nonexecutable by passing an option
+dnl to the C-compiler when acting on .s files. Appends that option to ASFLAGS.
+dnl This macro is adapted from one found in GLIBC-2.3.5.
+AC_DEFUN([CL_AS_NOEXECSTACK],[
+dnl AC_REQUIRE([AC_PROG_CC]) GMP uses something else
+AC_CACHE_CHECK([whether assembler supports --noexecstack option],
+cl_cv_as_noexecstack, [dnl
+  cat > conftest.c <<EOF
+void foo() {}
+EOF
+  if AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS
+                     -S -o conftest.s conftest.c >/dev/null]) \
+     && grep -q .note.GNU-stack conftest.s \
+     && AC_TRY_COMMAND([${CC} $CFLAGS $CPPFLAGS -Wa,--noexecstack
+                       -c -o conftest.o conftest.s >/dev/null])
+  then
+    cl_cv_as_noexecstack=yes
+  else
+    cl_cv_as_noexecstack=no
+  fi
+  rm -f conftest*])
+  if test "$cl_cv_as_noexecstack" = yes; then
+    ASMFLAGS="$ASMFLAGS -Wa,--noexecstack"
+  fi
+  AC_SUBST(ASMFLAGS)
+])
+
+
 dnl  GMP_ASM_LABEL_SUFFIX
 dnl  --------------------
 dnl  : - is usual.
Index: configure.in
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/configure.in,v
retrieving revision 1.3
diff -u -b -B -r1.3 configure.in
--- configure.in	14 Apr 2006 22:48:55 -0000	1.3
+++ configure.in	15 Apr 2006 06:11:49 -0000
@@ -2024,6 +2024,8 @@
 # Automake ansi2knr support.
 AM_C_PROTOTYPES
 
+CL_AS_NOEXECSTACK
+
 GMP_PROG_AR
 GMP_PROG_NM
 
Index: mpn/Makeasm.am
===================================================================
RCS file: /cvsroot/pkg-gmp/gmp/mpn/Makeasm.am,v
retrieving revision 1.5
diff -u -b -B -r1.5 Makeasm.am
--- mpn/Makeasm.am	14 Apr 2006 22:48:59 -0000	1.5
+++ mpn/Makeasm.am	15 Apr 2006 06:11:49 -0000
@@ -24,7 +24,7 @@
 # COMPILE minus CC.
 #
 COMPILE_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) $(ASMFLAGS)
 
 # Flags used for preprocessing (in ansi2knr rules).
 #
