Patches for the next release

Steve M. Robbins steve at sumost.ca
Sat Aug 2 18:47:34 CEST 2008 

On Sat, Aug 02, 2008 at 09:33:44AM +0200, Torbjorn Granlund wrote:
>   > Why does only assmbly code suffer from this problem, why isn't C code
>   > also affected?
>   
>   Good question.  I hadn't considered this, but google led me to the
>   answer:
>   
>       When you compile source code normally, gcc takes care of adding
>       the GNU_STACK markings so that the final object code is not marked
>       with an executable stack unless it actually needs it. However, if
>       you compile assembly code, gcc will not automatically add
>       GNU_STACK markings. So, the most common source of executable
>       stacks in ELF binaries are packages which include raw assembly
>       code. Note that we're not talking about inline assembly code, but
>       rather files like .S which are written in pure assembler.
>   
>       We can either patch each source file written in assembler and send
>       the fixes upstream, or we can force the package build system to
>       assemble the source files with the GNU as option --noexecstack
>   
>       http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
>   
> Your quotation stopped abruptly just before "(but this is highly
> discouraged)".  :-)

Yes, because the writer is adopting a Gentoo build system point of
view, which is not relevant here.  The annotation he's advocating is
of the form

  #if defined(__linux__) && defined(__ELF__)
  .section .note.GNU-stack,"",%progbits
  #endif

which works only for linux.  The patch I passed on works for *any*
platform using the GNU assembler.

The reason why the Gentoo guy discourages using --noexecstack is that
his solution is to put --noexecstack in the gentoo "ebuild" file
(whatever that is) meaning that it is a Gentoo-only solution.  In this
light, he's right: better to have upstream patch it for all linux
users rather than just Gentoo users.

However, the patch I provided *is* for upstream so it benefits every
GNU user (not just linux user).


> I suppose we should really implement their suggested solution, i.e.,
> annotate the source.  For for 4.2.3, the --noexecstack fix will have
> to do.

If the source annotation is for linux only, it would still meet my
needs.  However, I think it would be a regression since the patch
provided works for all GNU assembler systems. 

Regards,
-Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://gmplib.org/list-archives/gmp-bugs/attachments/20080802/6953de54/attachment.bin

More information about the gmp-bugs mailing list