[PATCH] D14571: [ELF2] - Implemented PT_GNU_STACK support

Rui Ueyama via llvm-commits llvm-commits at lists.llvm.org
Thu Nov 12 10:10:15 PST 2015


On Thu, Nov 12, 2015 at 12:50 AM, George Rimar <grimar at accesssoftek.com>
wrote:

> grimar added a comment.
>
> I would also suggest to think about changing the default logic from "stack
> is always executable by default" to the opposite one. At least for some targets.
> I don't think there are many apps that use executable stacks. But having
> it executable is a huge security hole.
> We can implement -z execstack/-z noexecstack to control that for those who
> need an executable one.
>

I think that's a good suggestion, but that made me think of this: we may
want to force users to specify -z execstack if they really want to make the
stack executable. To me, controlling the stack executable-ness using
.note.GNU-stack section is too subtle and fragile. If you have thousands of
object files, and only one file lacks .note.GNU-stack, the entire program's
stack will be executable. It's unlikely to be an intended behavior, and if
it is actually intended, I believe it is reasonable to tell so to the
linker using the -z flag.

So I guess my point is

 - ignore .note.GNU-stack sections at all,
 - make stack non-executable by default,
 - and implement -z execstack

What do you think?
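
The failure mode described in this message (one input without .note.GNU-stack making the whole program's stack executable), as an added example that is not part of the original thread or of lld's code: it reads ELF64 little-endian objects and applies that merge rule. The names stack_note, link_stack_executable and make_obj are hypothetical, the sample objects are constructed in memory, and treating a note with SHF_EXECINSTR set as a request for an executable stack follows the GNU convention rather than anything stated in the thread.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header
SHF_EXECINSTR = 0x4
NOTE = b".note.GNU-stack"

def stack_note(obj: bytes):
    """None if the object has no .note.GNU-stack section, otherwise
    True/False for whether the section carries SHF_EXECINSTR."""
    ident, *hdr = EHDR.unpack_from(obj, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("only ELF64 little-endian objects are handled here")
    shoff, shentsize, shnum, shstrndx = hdr[5], hdr[10], hdr[11], hdr[12]
    secs = [SHDR.unpack_from(obj, shoff + i * shentsize) for i in range(shnum)]
    if shstrndx >= len(secs):          # no usable section name table
        return None
    strtab_off = secs[shstrndx][4]     # sh_offset of .shstrtab
    for name, _type, flags, *_ in secs:
        start = strtab_off + name
        if obj[start:obj.index(b"\0", start)] == NOTE:
            return bool(flags & SHF_EXECINSTR)
    return None

def link_stack_executable(objects: dict):
    """Merge rule from the message: the stack is executable if any input lacks
    the note (or, by GNU convention, flags it executable). Lists offenders."""
    offenders = [n for n, o in objects.items() if stack_note(o) is not False]
    return bool(offenders), offenders

def make_obj(note=True, execflag=False) -> bytes:
    """Constructed sample input: a minimal ET_REL image, section headers only."""
    strtab = b"\0.shstrtab\0" + NOTE + b"\0"   # NOTE starts at offset 11
    shoff = EHDR.size + len(strtab)
    secs = [SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                      # null
            SHDR.pack(1, 3, 0, 0, EHDR.size, len(strtab), 0, 0, 1, 0)]    # .shstrtab
    if note:
        flags = SHF_EXECINSTR if execflag else 0
        secs.append(SHDR.pack(11, 1, flags, 0, shoff, 0, 0, 0, 1, 0))
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), 1, 62, 1, 0, 0, shoff,
                     0, EHDR.size, 0, 0, SHDR.size, len(secs), 1)
    return ehdr + strtab + b"".join(secs)

if __name__ == "__main__":
    objs = {f"obj{i}.o": make_obj() for i in range(1000)}
    objs["legacy.o"] = make_obj(note=False)    # the single file without the note
    print(link_stack_executable(objs))
```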