From: Nick Clifton <nickc@redhat.com>
To: Michael Matz <matz@suse.de>
Cc: Binutils <binutils@sourceware.org>
Subject: Re: RFC: Should we have all targets default to only creating an executable stack when explicitly requested ?
Date: Fri, 22 Apr 2022 12:11:07 +0100 [thread overview]
Message-ID: <2f00f65c-bfeb-1895-32ef-9cd1c9212e78@redhat.com> (raw)
In-Reply-To: <alpine.LSU.2.20.2204211428380.32194@wotan.suse.de>
Hi Michael,
> But a linker should not be limited to only one language.
Agrred. Linkers must be language agnostic.
> There is Fortran
> for instance which _has_ nested functions that can be (sort-of)
> address-taken, and hence need trampolines somewhere. There is Ada, there
> are other languages as well. Requiring users using standard mandated
> functionality to add linker options just so that their programs work would
> be considered a bug in the toolchain by me, no matter if that "improves
> security".
But there is an already working method by which compilers can tell
the linker that an executable stack is needed - the .note-GNU_STACK
section. So if compiler consistently use that feature, there is no
need for users to get involved at all.
What I am proposing for the BFD linker is to change a feature whereby
an object file which does not have a .note.GNU-STACK section will also
cause the creation of an executable stack - but only for certain
architectures. On the AArch64 or PowerPC for example, the absence of
a .note-GNU_STACK section will not trigger the creation of an executable
stack.
So for an application to be affected by the change it would have to:
* be restricted to architectures that default to an executable stack.
* be compiled by a compiler that does not generate .note.GNU_STACK
sections and/or contains assembler source code that does not include
the provision of a .note.GNU_STACK section.
* use a feature of the language(s) that actually requires an executable
stack in order to work.
* not add the "-z execstack" option to the linker command line when
being built.
It is my hope that this will only be a small number of applications, but
even if it is not, proving a warning message about the proposed change in
behaviour for the next couple of releases of the binutils ought to be
sufficient to allow application builders to adapt.
Cheers
Nick
next prev parent reply other threads:[~2022-04-22 11:11 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-21 11:28 Nick Clifton
2022-04-21 11:44 ` Jan Beulich
2022-04-21 14:44 ` Nick Clifton
2022-04-21 15:31 ` Jan Beulich
2022-04-21 11:52 ` Andreas Schwab
2022-04-21 15:00 ` Michael Matz
2022-04-21 16:00 ` Andreas Schwab
2022-04-22 11:11 ` Nick Clifton [this message]
2022-04-25 13:25 ` Michael Matz
2022-04-22 11:41 ` Martin Liška
2022-04-25 13:46 ` Sam James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2f00f65c-bfeb-1895-32ef-9cd1c9212e78@redhat.com \
--to=nickc@redhat.com \
--cc=binutils@sourceware.org \
--cc=matz@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).