[PATCH wayland] scanner: avoid executable stack
Pekka Paalanen
ppaalanen at gmail.com
Wed Mar 2 10:06:12 UTC 2016
On Wed, 02 Mar 2016 11:37:01 +0200
Mart Raudsepp <leio at gentoo.org> wrote:
> Ühel kenal päeval, K, 02.03.2016 kell 11:06, kirjutas Pekka Paalanen:
> > From: Pekka Paalanen <pekka.paalanen at collabora.co.uk>
> >
> > Before this patch:
> > $ scanelf -lpqe ./wayland-scanner
> > RWX --- --- ./wayland-scanner
> >
> > That indicates the stack is executable, which is a bad thing for
> > security. Wayland-scanner does not actually need an executable stack,
> > it
> > is just an oversight from using an .S file in the sources.
> >
> > Add a special incantation in dtddata.S to make it not cause the stack
> > to
> > become executable.
> >
> > Reported-by: leio at gentoo.org
> > Signed-off-by: Pekka Paalanen <pekka.paalanen at collabora.co.uk>
>
> Confirmed that our QA warning is fixed with this and that basic DTD
> validation still works (embedded DTD is readable by wayland-scanner).
>
> Tested-by: Mart Raudsepp <leio at gentoo.org>
And pushed:
4a41d26..f8f3e54 master -> master
Thanks,
pq
> > ---
> > src/dtddata.S | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/src/dtddata.S b/src/dtddata.S
> > index 68e3435..ce51133 100644
> > --- a/src/dtddata.S
> > +++ b/src/dtddata.S
> > @@ -20,6 +20,14 @@
> > * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> > */
> >
> > +/*
> > + * Avoid executable stack.
> > + * from: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
> > + */
> > +#if defined(__linux__) && defined(__ELF__)
> > +.section .note.GNU-stack,"",%progbits
> > +#endif
> > +
> > /* from: http://www.linuxjournal.com/content/embedding-file-executab
> > le-aka-hello-world-version-5967#comment-348129 */
> >
> > .macro binfile name file
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20160302/6815d878/attachment-0001.sig>
More information about the wayland-devel
mailing list