[PATCH wayland] scanner: avoid executable stack

Pekka Paalanen ppaalanen at gmail.com
Wed Mar 2 10:06:12 UTC 2016


On Wed, 02 Mar 2016 11:37:01 +0200
Mart Raudsepp <leio at gentoo.org> wrote:

> Ühel kenal päeval, K, 02.03.2016 kell 11:06, kirjutas Pekka Paalanen:
> > From: Pekka Paalanen <pekka.paalanen at collabora.co.uk>
> > 
> > Before this patch:
> > $ scanelf -lpqe ./wayland-scanner
> > RWX --- ---  ./wayland-scanner
> > 
> > That indicates the stack is executable, which is a bad thing for
> > security. Wayland-scanner does not actually need an executable stack,
> > it
> > is just an oversight from using an .S file in the sources.
> > 
> > Add a special incantation in dtddata.S to make it not cause the stack
> > to
> > become executable.
> > 
> > Reported-by: leio at gentoo.org
> > Signed-off-by: Pekka Paalanen <pekka.paalanen at collabora.co.uk>  
> 
> Confirmed that our QA warning is fixed with this and that basic DTD
> validation still works (embedded DTD is readable by wayland-scanner).
> 
> Tested-by: Mart Raudsepp <leio at gentoo.org>

And pushed:
   4a41d26..f8f3e54  master -> master


Thanks,
pq

> > ---
> >  src/dtddata.S | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> > 
> > diff --git a/src/dtddata.S b/src/dtddata.S
> > index 68e3435..ce51133 100644
> > --- a/src/dtddata.S
> > +++ b/src/dtddata.S
> > @@ -20,6 +20,14 @@
> >   * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >   */
> >  
> > +/*
> > + * Avoid executable stack.
> > + * from: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
> > + */
> > +#if defined(__linux__) && defined(__ELF__)
> > +.section .note.GNU-stack,"",%progbits
> > +#endif
> > +
> >  /* from: http://www.linuxjournal.com/content/embedding-file-executab
> > le-aka-hello-world-version-5967#comment-348129 */
> >  
> >  .macro binfile name file  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20160302/6815d878/attachment-0001.sig>


More information about the wayland-devel mailing list