Patches for the next release
Torbjorn Granlund
tg at swox.com
Sat Aug 2 09:33:44 CEST 2008
> Why does only assmbly code suffer from this problem, why isn't C code
> also affected?
Good question. I hadn't considered this, but google led me to the
answer:
When you compile source code normally, gcc takes care of adding
the GNU_STACK markings so that the final object code is not marked
with an executable stack unless it actually needs it. However, if
you compile assembly code, gcc will not automatically add
GNU_STACK markings. So, the most common source of executable
stacks in ELF binaries are packages which include raw assembly
code. Note that we're not talking about inline assembly code, but
rather files like .S which are written in pure assembler.
We can either patch each source file written in assembler and send
the fixes upstream, or we can force the package build system to
assemble the source files with the GNU as option --noexecstack
http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
Your quotation stopped abruptly just before "(but this is highly
discouraged)". :-)
I suppose we should really implement their suggested solution, i.e.,
annotate the source. For for 4.2.3, the --noexecstack fix will have
to do.
--
Torbjörn
More information about the gmp-bugs
mailing list