[PATCH wayland] scanner: avoid executable stack
Mart Raudsepp
leio at gentoo.org
Wed Mar 2 09:37:01 UTC 2016
On a fine day, Wed, 02.03.2016 at 11:06, Pekka Paalanen wrote:
> From: Pekka Paalanen <pekka.paalanen at collabora.co.uk>
>
> Before this patch:
> $ scanelf -lpqe ./wayland-scanner
> RWX --- --- ./wayland-scanner
>
> That indicates the stack is executable, which is a bad thing for
> security. Wayland-scanner does not actually need an executable stack, it
> is just an oversight from using an .S file in the sources.
>
> Add a special incantation in dtddata.S to make it not cause the stack to
> become executable.
>
> Reported-by: leio at gentoo.org
> Signed-off-by: Pekka Paalanen <pekka.paalanen at collabora.co.uk>
Confirmed that our QA warning is fixed with this and that basic DTD
validation still works (embedded DTD is readable by wayland-scanner).
Tested-by: Mart Raudsepp <leio at gentoo.org>
> ---
> src/dtddata.S | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/dtddata.S b/src/dtddata.S
> index 68e3435..ce51133 100644
> --- a/src/dtddata.S
> +++ b/src/dtddata.S
> @@ -20,6 +20,14 @@
> * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> */
>
> +/*
> + * Avoid executable stack.
> + * from: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
> + */
> +#if defined(__linux__) && defined(__ELF__)
> +.section .note.GNU-stack,"",%progbits
> +#endif
> +
> /* from: http://www.linuxjournal.com/content/embedding-file-executab
> le-aka-hello-world-version-5967#comment-348129 */
>
> .macro binfile name file
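Review bot: the `#if defined(__linux__) && defined(__ELF__)` guard around `.section .note.GNU-stack,"",%progbits` limits the fix to Linux, so an ELF build of dtddata.S on any other system whose toolchain honours this note would keep the assembler's default marking. If wayland-scanner is built on such targets, consider guarding on `__ELF__` alone, or say in the comment why Linux is singled out. The comment block could also state in one line that the empty `.note.GNU-stack` section is what marks this object as not needing an executable stack, so the reason stays in the source if the wiki URL moves.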