diff options
author | Pekka Paalanen <pekka.paalanen@collabora.co.uk> | 2016-03-02 11:00:35 +0200 |
---|---|---|
committer | Pekka Paalanen <pekka.paalanen@collabora.co.uk> | 2016-03-02 12:05:28 +0200 |
commit | f8f3e54aa7bc15871ca4296cbc16ae065b07de4e (patch) | |
tree | a49f615a2f7d4ada7a8506fbf3691382099df5cb | |
parent | 4a41d26c4d0f4775f3a013a41a32ac1512a0a177 (diff) | |
download | wayland-f8f3e54aa7bc15871ca4296cbc16ae065b07de4e.tar.gz |
scanner: avoid executable stack
Before this patch:
$ scanelf -lpqe ./wayland-scanner
RWX --- --- ./wayland-scanner
That indicates the stack is executable, which is a bad thing for
security. Wayland-scanner does not actually need an executable stack, it
is just an oversight from using an .S file in the sources.
Add a special incantation in dtddata.S to make it not cause the stack to
become executable.
Reported-by: Mart Raudsepp <leio@gentoo.org>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Mart Raudsepp <leio@gentoo.org>
-rw-r--r-- | src/dtddata.S | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/dtddata.S b/src/dtddata.S index 68e3435..ce51133 100644 --- a/src/dtddata.S +++ b/src/dtddata.S @@ -20,6 +20,14 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* + * Avoid executable stack. + * from: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart + */ +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack,"",%progbits +#endif + /* from: http://www.linuxjournal.com/content/embedding-file-executable-aka-hello-world-version-5967#comment-348129 */ .macro binfile name file |