From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-189134-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 26632 invoked by alias); 15 Jun 2006 04:37:29 -0000
Received: (qmail 26552 invoked by uid 48); 15 Jun 2006 04:37:20 -0000
Date: Thu, 15 Jun 2006 04:40:00 -0000
Subject: [Bug libffi/28036]  New: libffi executable stack (missing .note.GNU-stack on .o files)
X-Bugzilla-Reason: CC
Message-ID: <bug-28036-8896@http.gcc.gnu.org/bugzilla/>
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "nigelenki at comcast dot net" <gcc-bugzilla@gcc.gnu.org>
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2006-06/txt/msg01419.txt.bz2
List-Id: <gcc-bugs.sourceware.org>

I noticed (on ubuntu) that libgcj had an executable stack; tracing this back, I
found that libffi also had an executable stack, and why.  pinskia informs me
that libffi gets linked into libgcj so that solves that!

SCANELF:
bluefox@icebox:/tmp/x$ scanelf -qeRt /usr/lib
RWX --- ---   /usr/lib/libgcj.so.7.0.0


I built gcc and ran a scanelf on the source tree to find out what was up and
located a few .o files missing .note.GNU-stack

SCANELF:
bluefox@icebox:/tmp/x$ scanelf -qeRt .
RWX --- ---   ./gcj-4.1-4.1.0/build/i486-linux-gnu/libffi/.libs/libffi.so.4.0.1
!WX --- ---   ./gcj-4.1-4.1.0/build/i486-linux-gnu/libffi/src/x86/sysv.o
!WX --- ---   ./gcj-4.1-4.1.0/build/i486-linux-gnu/libffi/src/x86/unix64.o
!WX --- ---   ./gcj-4.1-4.1.0/build/i486-linux-gnu/libffi/src/x86/.libs/sysv.o
!WX --- ---  
./gcj-4.1-4.1.0/build/i486-linux-gnu/libffi/src/x86/.libs/unix64.o


sysv.o and unix64.o, find them:

FIND:
bluefox@icebox:/tmp/x$ find . -name sysv.S
./gcj-4.1-4.1.0/src/libffi/src/sh/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/cris/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/s390/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/x86/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/m68k/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/sh64/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/m32r/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/arm/sysv.S
./gcj-4.1-4.1.0/src/libffi/src/powerpc/sysv.S

Let's peek in x86:
bluefox@icebox:/tmp/x$ ls gcj-4.1-4.1.0/src/libffi/src/x86/
ffi64.c  ffi.c  ffitarget.h  sysv.S  unix64.S  win32.S

win32.S can probably be ignored, however...
bluefox@icebox:/tmp/x$ grep -Hnr ".note.GNU-stack" gcj-4.1-4.1.0/src/libffi/
bluefox@icebox:/tmp/x$

The others probably need this block at the end (yanked from [1]):
#ifdef __ELF__
.section .note.GNU-stack,"",%progbits
#endif

No idea if this will clear the executable stack, haven't tested; but it'll
supply a proper .note.GNU-stack segment where it really should be at least.

[1] http://www.gentoo.org/proj/en/hardened/gnu-stack.xml


-- 
           Summary: libffi executable stack (missing .note.GNU-stack on .o
                    files)
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libffi
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: nigelenki at comcast dot net


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28036