From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jbeulich@suse.com>
Received: from de-smtp-delivery-102.mimecast.com
 (de-smtp-delivery-102.mimecast.com [194.104.111.102])
 by sourceware.org (Postfix) with ESMTPS id 8A4323838022
 for <binutils@sourceware.org>; Thu, 21 Apr 2022 11:44:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 8A4323838022
Received: from EUR05-VI1-obe.outbound.protection.outlook.com
 (mail-vi1eur05lp2176.outbound.protection.outlook.com [104.47.17.176]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 de-mta-12-XildigdFMO2BUry9KjBcoQ-1; Thu, 21 Apr 2022 13:44:26 +0200
X-MC-Unique: XildigdFMO2BUry9KjBcoQ-1
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=nmqbbRPpEFYCVi4JUN0F2sqimGfPLrHkNUItpA9hjQovOdspm7jLIeXDfT84oJEJU4MHfMwoxVpxkdKm5/QR0Iby2zV6AFC8yuQruT9SMB06PJinlFfNf3tnjNYEAi/+qiVo9b6h/q7JIC5iBxfQh0/LgAoS4JGY5NyAcVAi9fh8UYxRzJg6Xix01lWfmQOtDLiM8QgUOCuiDGiNeJybqldkmhbXTCQO2qGNyc9lqNbSl2UUIKYAPFqrJJdJV038wKYtCWkPNHEuBHyKEenM7BSaTWirZHpF2B081Ynq7n8/SMGOD7WZlM1qE40tLkR5I1qaVi1ScelBaAjXMNBOZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=1PdF2wrveoEr4YWobg+YfrDv4lZnaGwQqatAu2rpPBA=;
 b=ju2TspdKo+wIFQyhKiUdp57xHfBfCOxx2yVNyAvf6rGcJXqTnuPCf19VGClcJnB0wCMtwO15jnmOVoJ4uFY0KRiPr5xLUV/RC42lyoYQFyeScnzY7Qxc7n89xFj4tdwL8wvJWlYMiABVVNazAN2gPgUkO23UOGI+wvmLCwMbop5i5LuUqem7eOWWn9hBVdRd53Z6nbvmLgeExqHqs9ZlxtftopFbvJSSdxdDo/fwi2FldxTx+2rUYEIsNkCvbR3viJb5+hgtP0pg7NvzYH8E3n5EN7SCj65vSJQKU/sO9V+UvgDiVfunmmXYKsZ/OrDsk264G2idK0ekwKoHbG38Qw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com;
 dkim=pass header.d=suse.com; arc=none
Received: from DU2PR04MB8616.eurprd04.prod.outlook.com (2603:10a6:10:2db::16)
 by AM0PR04MB7010.eurprd04.prod.outlook.com (2603:10a6:208:199::19)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Thu, 21 Apr
 2022 11:44:25 +0000
Received: from DU2PR04MB8616.eurprd04.prod.outlook.com
 ([fe80::5cb0:5195:4203:7c2f]) by DU2PR04MB8616.eurprd04.prod.outlook.com
 ([fe80::5cb0:5195:4203:7c2f%7]) with mapi id 15.20.5186.015; Thu, 21 Apr 2022
 11:44:25 +0000
Message-ID: <3233e8f4-4baa-9cb7-c86e-a60e8f7116f4@suse.com>
Date: Thu, 21 Apr 2022 13:44:23 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.8.0
Subject: Re: RFC: Should we have all targets default to only creating an
 executable stack when explicitly requested ?
Content-Language: en-US
To: Nick Clifton <nickc@redhat.com>
References: <51664b3e-9dbd-65e2-00b3-7f7842f76ed4@redhat.com>
Cc: Binutils <binutils@sourceware.org>
From: Jan Beulich <jbeulich@suse.com>
In-Reply-To: <51664b3e-9dbd-65e2-00b3-7f7842f76ed4@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: AM6PR10CA0042.EURPRD10.PROD.OUTLOOK.COM
 (2603:10a6:209:80::19) To DU2PR04MB8616.eurprd04.prod.outlook.com
 (2603:10a6:10:2db::16)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a89d1492-1895-408a-5561-08da238c48fb
X-MS-TrafficTypeDiagnostic: AM0PR04MB7010:EE_
X-Microsoft-Antispam-PRVS: <AM0PR04MB7010ABCC7B04C19918898220B3F49@AM0PR04MB7010.eurprd04.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: T1LOykExAZgwCYVO8TPbzce+stZwZjbSL0bRMihx4EPQxN//FHhE85Odp5eI/JD4IeUGU6CT0tkLKey02itR8mDXphteTKllV9Ec3ngRecEDFfNOTcLth4/NAnjNFvsJPtn8ahVtjAYOC8Wmh/Dht8dwJIDyKJ5i4D1dTbBKqr40ADInAnECFExck9RSiOdIIOA6i/l13mkqhob/ARzUh/p18BZFmy6tJJM5wrlQceo/kHQLRFjAsVNYHeVhg76KdC+sdT+2WphQI66PhBmmCCOVvdvT9iDA3HOJIcRzeVVxnBnFbYn5UnDkCTHUBefhodZrMjFtgjY2Yb1MpGreh7kuzPY7l5HFFRV13xR9dchEMd+o6vgApcKbqhr+V2dqnf85DAc7nNia2/ceGtQWU3yDC0fr7YnxHvO5WGMndxpksJFO/DqRsbPaPTLPISqsRpuXBbz9ARmq0sQzqPorykb1oHRnE7+H792ZyajGk1U05xVX9mrXGIyaAst+EVOUC4MB7tRqytp5xQAnfsbX5T8+4Az4zIEjBJm6vbSnkqXNgsd2PTwM7TwvP1RTx7IMjP9So7EuiLrMefM6ZP23QAEb53FCH3/q8u1WAEFU2kvDJjalWmMBTSp3aQMhVhE+JWRI9uBWaj+Oal/yGSnrImlzfOsDsv7Hm2VOgXutu7MxH9oTGIL7xrawAgp2w36XCOWpDasxDKH4g3hB10/vggNkpD/3T4KtJsOQ1PW6K+K84jWXRlEF3Xfv0zepyw6Q6nZRg/LYuvbMYsTEeI/+RKXXD1YtKHO26aNja6tkqtw5M5/3El0NZ1/DDNk1Rk0GrJR7giWIJ2HWJkXnhjVW0g==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:DU2PR04MB8616.eurprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(13230001)(366004)(2906002)(26005)(53546011)(6506007)(38100700002)(6512007)(31696002)(2616005)(36756003)(31686004)(86362001)(6486002)(508600001)(5660300002)(186003)(8936002)(6916009)(66946007)(966005)(316002)(66476007)(66556008)(83380400001)(4326008)(8676002)(45980500001)(43740500002);
 DIR:OUT; SFP:1101; 
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cTNhelJLM3JmeHN1Sk5vOWJXZjNoWk9uYmo4eVUxRFphQnJlUlo1RXU2bVk3?=
 =?utf-8?B?MWpyQzBKazc3T0p0WFFSUzJ4bnpBdUdNZ01zZTduSmdRbzFPN0drQ01udzFp?=
 =?utf-8?B?OXFOZnZmT0l3NXlCZXBoRWo5ekM1eEtjV1RTVmFxVkN2M3Z6b3krdWVLeU50?=
 =?utf-8?B?SzFFaFlwTzd5RzFZSXpnVTJkV1hqRmNPRWEzK2tKT1E1K3FiNFFWZm9aNkli?=
 =?utf-8?B?RkNpV3ZPUGVlck5UUHo1UWRNc00zTEhSWkRBS1NYdVJ5dFVXWnVPTEJydnps?=
 =?utf-8?B?Zk5VT2pXQVVXczNpK1BlTWw5Vmowdm5jbE05dXJPZWlaeGRoMVlrSkFodWlO?=
 =?utf-8?B?STNZVUlpaTRJeWdNbUZRbkhQbWt3VGQxUGQ2MVZ6bmNUZzRqa2tiK1N3WWJM?=
 =?utf-8?B?VXd0OUE0V3NTZkMzU1lJU05xWXVPbDdqK25EY2dQUStPZU8zZjVhK2l1RDFi?=
 =?utf-8?B?RVlPZ0NKNWNVdzFpYWRta25mSzJwUWRnU3RCNmtzUVk4UXNZVlRJUkxISTVj?=
 =?utf-8?B?dUdHODNmcXVLTzJTc3F0dTFSWU5YRGZTZStLdm1jOTY4dklhMmQ0NVRZWjVS?=
 =?utf-8?B?bUpJVFkvYkxMYXppc3BLNVRCMDR0Vnhuc21jTlhMNTA1bUgvVzFleEJjaVZ0?=
 =?utf-8?B?bjIzUlFiSVVRUnJ0dXg4TmdKTVhPQ0JVZWdCWEczaHp6MnhleEpwMlRqUDFE?=
 =?utf-8?B?UzNRUEFGeEVZM0locnJ3VjNYTHZTU2d2d285SnV3amphMVFaUTlzeitmSklD?=
 =?utf-8?B?ZFhUU3NOUEloNEI5VUJSVEFyYmdCK0U5ZjEyT2lCM1dMYUtuVmkzbW1kNFU1?=
 =?utf-8?B?L2RJS0EzTU00YllST3Fsekd3WjVmU0RrRzhTNUtHcTFHblFKTGVnOHlQUDgr?=
 =?utf-8?B?TjZONmtMK1ZBMHUxR0pYaTJEYTd0QmZiSE90Sm9vamFEbGszbWF1STVzcEtH?=
 =?utf-8?B?VjQ5cDNYT2FxY2p1TDA4c2xKRDRCU3ZqNUZMbks0KzlxOUVPTHdFOEEwRFJY?=
 =?utf-8?B?SWVWYmMwVzRKeEh5WXdreUNxWmJ4YlZ3ZXBlUXJvaXFJVCtsVCsrUlJhUmxZ?=
 =?utf-8?B?RHo1aGgvV240cEVKcWhIUHR3RThSWjAwR0VkWm9RWC9oWTFSWGtUTTVUVVZj?=
 =?utf-8?B?V0Fjc0hpdVBzTnhhZWFuajZUeG14MXBoSkU4YmpGdUMyWk5ZaUxySFI1V3R4?=
 =?utf-8?B?UVFESm9IYVRjSzRyTFRwemlJMXVJbDdKSDNFYzkyVFBHUnU5aitOdGFxZUxT?=
 =?utf-8?B?UExqSHBMWEhMSG53QTcxSUVSK2lVclBNMXNidU9zT05kT3JVOG1vdTNndkVs?=
 =?utf-8?B?Vnl6Rm1nVzhHQkJ1SlVMdlFsTCtTemRvd0ZnSWR1KzIzdXQyTWxmbXMxOEpv?=
 =?utf-8?B?TE4zZG8rNjhETGZ4ZWNScEEweDFVSjY1WTQ0QTZxcFRNb3hhZ3YvNitHSUlW?=
 =?utf-8?B?cWJKSTZaVlFmMVhaNm9vRnZsbU1VVHZuU1JyVUxVUVhISVdiN2E2Q3N0d3kr?=
 =?utf-8?B?NE1FakdzcjNBOW1mSWkzRzM1UklsYW55N1hLRmRRcEE0SThKOHVNc1dpdU1y?=
 =?utf-8?B?Y2c4cUU3b2RNeHBBMDhKdkJjV0hrMzNLdFFnMnhVVVh0MWJiaTgvYjNqRGJr?=
 =?utf-8?B?TTRjQmJXOXQ2T3YxOEwvcktFOUZQQmVhTWhvR2ZSVE01VWVyTEVLTFB2SXd1?=
 =?utf-8?B?ck5ESU9iT01nemFiQUplSFZoU3JBWGg5UndzNnROcHQyMmJhd29TeUYvLzhD?=
 =?utf-8?B?VFNON2Q5YWRVdGt2U3EvMGh0MnArcExVZlBseDZ6QUV5ODY2d20zWnN6WHZH?=
 =?utf-8?B?S0RXZ3JNSk4wWUpqNjVObjdOUmNqOElnNUU3dmV0RjlvdXRDbm55RjNPdkFj?=
 =?utf-8?B?ZmdpeHkvUnhlREgzakNldnlvOVFnbWRPcVZwUVJ1QW85WXBGQVUrbGJJdHVD?=
 =?utf-8?B?cHJsYzlKZjE0SzdTQktwZWtub2RpcFFuRGp0aVJmNG1HM1dTa0MvMFlabTNB?=
 =?utf-8?B?NmZjNEZXTE91WGN0S1VFNC90U2ZSN21kWUhYVHlxOENIU0IrSFZ5Y2FHais3?=
 =?utf-8?B?ZjM0Y3RXZld6TnlHbDN2Yjc3d2VRR2tnajlpQVlIWVowYzBrS2hUeWt6Ukh3?=
 =?utf-8?B?NHZGWmxCaWY4T0JzNzNXbWpHYXhpcFpCWkpPWHJvOUUzRGtGNmJ6d3ZRU3FV?=
 =?utf-8?B?QTVPUWhSblBlWjdEcW85SHpLQk1EVzJIZmxzWVNhQnZwQWg2N0UzdnRHN09M?=
 =?utf-8?B?WUFvNjFtTDVhdDFGQXM4bEdhZzNVdU1CYjNVcGJrOG5kZUhudWlmSTEwM0dp?=
 =?utf-8?B?UXV1Q0ROeXFMdkl2ZjIyZFZFM2FqTUt6MmJ1aHlHVGFwcldlVFRYZz09?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a89d1492-1895-408a-5561-08da238c48fb
X-MS-Exchange-CrossTenant-AuthSource: DU2PR04MB8616.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Apr 2022 11:44:25.4588 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 5K2TcahlHFIkKNc1otgKvnIvgN8G0R1Fd2KkuC4IvZSU5qaKODwIE2IcOaUNaBPCk8bIG4ne8Q//xOj6cnBBVg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB7010
X-Spam-Status: No, score=-3032.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2022 11:44:30 -0000

On 21.04.2022 13:28, Nick Clifton via Binutils wrote:
> Hi Guys,
> 
>     PR 29072 has brought up the issue of executable stacks.
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=29075
> 
>    Currently the bfd linker will create an executable stack if explicitly
>    requested to do so, either via the '-z execstack' option, or via the
>    presence of a .note-GNU-stack section which has the SHF_EXECINSTR flag
>    set.
> 
>    In addition, for targets like the x86_64 and s390x the linker will also
>    create an executable stack if any linked object file does not have a
>    .note.GNU-stack section.  (Such an occurrence is especially common for
>    hand crafted assembler source files).  This can result in programs
>    gaining an executable stack even when the user is not expecting it.
> 
>    Other targets such as AArch64 and PowerPC do not this.  Instead they
>    just ignore object files with missing .note.GNU-stack sections.
> 
>    A proposal has been made that all targets should ignore missing
>    .note.GNU-stack sections, and the linker should only ever create an
>    executable stack if explicitly requested by one of the two methods
>    described in the second paragraph.  I am inclined to agree with this
>    proposal, but I would like to see if anyone has any objections or
>    comments first.
> 
>    It is possible that such a change will break applications that rely
>    upon the current behaviour.  But, in my opinion, this would actually
>    be a good thing.  Applications with an executable stack are a security
>    risk, and they ought to be reviewed.  If an exectuable stack really
>    is needed then it can be explicitly requested via the '-z execstack'
>    command line option.
> 
>    Thoughts ?

I know of such an application right away. It being used merely for testing
purposes, I believe it's okay-ish to have an executable stack. But what
I'd like to avoid is that someone would need to be forced to take immediate
action because of such changed behavior. Hence I'd like to suggest that for
at least one (better two or three) major releases there be merely a warning
that the behavior will change, giving people time to silence the warning
while being able to continue to do their immediate work.

Jan