Patches for the next release

Steve M. Robbins steve at sumost.ca
Sat Aug 2 02:56:59 CEST 2008


On Fri, Aug 01, 2008 at 07:30:15PM +0200, Torbjorn Granlund wrote:
> "Steve M. Robbins" <steve at sumost.ca> writes:
> 
>   Hi Torbjörn,
>   
>   On Wed, Jul 23, 2008 at 05:18:11PM +0200, Torbjorn Granlund wrote:
>   
>   > I am preparing GMP 4.2.3, and if you have some safe C++ portability
>   > changes for that release, please send them to the list.
>   
>   If you're making a new release, please consider the following patch.
>   GMP builds several objects from assembly code that end up with an
>   executable stack.  The executable stack turns out to be a problem 
>   on systems with a security hardened kernel such as "grsec".  See
>   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323944 for more
>   details.
>   
>   After applying this patch, you need to run autoreconf.
>   
> Why does only assembly code suffer from this problem, why isn't C code
> also affected?

Good question.  I hadn't considered this, but Google led me to the
answer:

    When you compile source code normally, gcc takes care of adding
    the GNU_STACK markings so that the final object code is not marked
    with an executable stack unless it actually needs it. However, if
    you compile assembly code, gcc will not automatically add
    GNU_STACK markings. So, the most common source of executable
    stacks in ELF binaries are packages which include raw assembly
    code. Note that we're not talking about inline assembly code, but
    rather files like .S which are written in pure assembler.

    We can either patch each source file written in assembler and send
    the fixes upstream, or we can force the package build system to
    assemble the source files with the GNU as option --noexecstack

    http://www.gentoo.org/proj/en/hardened/gnu-stack.xml


Regards,
-Steve
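
Added example, not part of the original message or of GMP: a small C check for the effect described above. It reads the PT_GNU_STACK program header of a linked ELF64 little-endian image, which is where an assembly object without GNU_STACK markings shows up after linking, and reports whether the stack is marked executable. The function names, return codes and the 120-byte sample image are constructed for illustration; the sample is not a real libgmp binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u  /* p_type value of PT_GNU_STACK */
#define PF_X_FLAG 0x1u                 /* segment is executable */

/* Read an n-byte little-endian integer (assumes ELF64 little-endian input). */
static uint64_t le(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 0: stack marked non-executable, 1: stack marked executable,
 * 2: no PT_GNU_STACK header at all, -1: not a parseable ELF64 LE image. */
int gnu_stack_status(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\177ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;
    uint64_t phoff = le(img + 32, 8);                 /* e_phoff */
    uint64_t phentsize = le(img + 54, 2), phnum = le(img + 56, 2);
    if (phentsize < 56 || phoff > len || phnum * phentsize > len - phoff)
        return -1;                      /* program header table out of bounds */
    for (uint64_t i = 0; i < phnum; i++) {
        const unsigned char *ph = img + phoff + i * phentsize;
        if (le(ph, 4) == PT_GNU_STACK_TYPE)           /* p_type */
            return (le(ph + 4, 4) & PF_X_FLAG) ? 1 : 0;   /* p_flags */
    }
    return 2;
}

/* Constructed sample: an ELF64 header followed by room for one PT_GNU_STACK
 * program header with the given p_flags. buf must hold 120 bytes. */
size_t make_sample(unsigned char *buf, uint32_t p_flags, int phnum) {
    memset(buf, 0, 120);
    memcpy(buf, "\177ELF\2\1\1", 7);   /* magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    buf[32] = 64; buf[54] = 56; buf[56] = (unsigned char)phnum;
    for (int i = 0; i < 4; i++) {
        buf[64 + i] = (PT_GNU_STACK_TYPE >> (8 * i)) & 0xff;
        buf[68 + i] = (p_flags >> (8 * i)) & 0xff;
    }
    return 120;
}

int main(void) {
    unsigned char buf[120];
    printf("RWE flags -> %d\n", gnu_stack_status(buf, make_sample(buf, 0x7, 1)));
    printf("RW flags  -> %d\n", gnu_stack_status(buf, make_sample(buf, 0x6, 1)));
    return 0;
}
```

The field inspected here is the one `readelf -lW` prints on its GNU_STACK line; flags of RWE there correspond to return value 1.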


More information about the gmp-bugs mailing list