[patch] non-executable stack

Sam_Hocevar · March 1, 2006, 11:11pm

This patch adds hints for the GNU linker so that it knows about the
stack features and does not assume it is executable by default. Systems
that enforce certain security policies will refuse to load a library
with an executable stack.–
Sam.
-------------- next part --------------
diff -puriN SDL-1.2.9/src/hermes/mmx_main.asm newSDL-1.2.9/src/hermes/mmx_main.asm
— SDL-1.2.9/src/hermes/mmx_main.asm 2001-04-26 18:45:45 +0200
+++ newSDL-1.2.9/src/hermes/mmx_main.asm 2006-03-01 12:13:17 +0100
@@ -70,5 +70,7 @@ endconvert:

ret

+%ifidn OUTPUT_FORMAT,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif

diff -puriN SDL-1.2.9/src/hermes/mmxp2_32.asm newSDL-1.2.9/src/hermes/mmxp2_32.asm
— SDL-1.2.9/src/hermes/mmxp2_32.asm 2002-03-01 19:01:16 +0100
+++ newSDL-1.2.9/src/hermes/mmxp2_32.asm 2006-03-01 12:13:42 +0100
@@ -383,4 +383,7 @@ _convert_bgr555_cheat:
jmp _mmxreturn

+%ifidn OUTPUT_FORMAT,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif

diff -puriN SDL-1.2.9/src/hermes/x86_main.asm newSDL-1.2.9/src/hermes/x86_main.asm
— SDL-1.2.9/src/hermes/x86_main.asm 2001-04-26 18:45:45 +0200
+++ newSDL-1.2.9/src/hermes/x86_main.asm 2006-03-01 12:14:13 +0100
@@ -123,3 +123,7 @@ _Hermes_X86_CPU:

.L1:
ret
+
+%ifidn OUTPUT_FORMAT,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff -puriN SDL-1.2.9/src/hermes/x86p_16.asm newSDL-1.2.9/src/hermes/x86p_16.asm
— SDL-1.2.9/src/hermes/x86p_16.asm 2001-04-26 18:45:45 +0200
+++ newSDL-1.2.9/src/hermes/x86p_16.asm 2006-03-01 12:14:23 +0100
@@ -494,3 +494,6 @@ _ConvertX86p16_8RGB332:
.L7 pop ebp
jmp _x86return

+%ifidn OUTPUT_FORMAT,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff -puriN SDL-1.2.9/src/hermes/x86p_32.asm newSDL-1.2.9/src/hermes/x86p_32.asm
— SDL-1.2.9/src/hermes/x86p_32.asm 2001-04-26 18:45:45 +0200
+++ newSDL-1.2.9/src/hermes/x86p_32.asm 2006-03-01 12:14:31 +0100
@@ -1041,3 +1041,7 @@ _ConvertX86p32_8RGB332:

.L4:
jmp _x86return
+
+%ifidn OUTPUT_FORMAT,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif

Mike_Frysinger · March 1, 2006, 11:15pm

already been integrated … please review cvs version rather than 1.2.9
-mikeOn Wednesday 01 March 2006 18:11, Sam Hocevar wrote:

This patch adds hints for the GNU linker so that it knows about the
stack features and does not assume it is executable by default. Systems
that enforce certain security policies will refuse to load a library
with an executable stack.