[Bug c/103863] New: We need a warning for loss of no-exec stacks

["noloader at gmail dot com" <gcc-bugzilla@gcc.gnu.org>]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103863

            Bug ID: 103863
           Summary: We need a warning for loss of no-exec stacks
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: noloader at gmail dot com
  Target Milestone: ---

Hello,

This is a feature request.

For targets that support no-exec stacks, we need a warning when GCC generates
code or drives the linker with loss of no-exec stacks.

The warning would be beneficial for most builds nowadays since no-exec stacks
are part of most distro hardening. For example, Debian and Fedora both
incorporate it into their build system; and special steps must be taken to
avoid no-exec stacks out of the box.

The warning would also be beneficial in cases like
https://bugzilla.redhat.com/show_bug.cgi?id=2035802. In the 2035802 bug, an ARM
machine failed to boot because libz contained executable stacks even though
they were not needed.

A specific warning for no-exec stacks is slightly different than -Wtrampolines.
While trampolines resulted in executable stacks in the past, that may not hold
in the future as lambdas are added to the language. And trampolines are not a
necessary precondition to get in an insecure state like the 2035802 bug shows.

It is most unfortunate that ASM files need special handling because the object
files are marked with executable stacks by default. Maybe that should be
another bug report to change default behavior since the strategy nowadays is:
no-exec stacks by default, do something special for executable stacks.

Thanks in advance.