This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: PCH and exec-shield...

On Tue, Mar 02, 2004 at 02:59:04PM -0500, Ian Lance Taylor wrote:
> law@redhat.com writes:
> 
> > Alternately, I believe we could have the build process mark cc1plus and
> > friends as not needing/wanting the exec-shield functionality.  IIRC there
> > is a program you can run which twiddles bits in the ELF headers/sections
> > which allow you to control exec-shield on a per-binary basis.
> 
> Not to get too far out, but is there any way that PCH could work even
> when exec-shield is enabled?
> 
> Or is it just the testsuite which is an issue here?
> 
> It doesn't seem desirable to disable exec-shield on the whole system
> just to make PCH work.
> 
> With the default kernel setting, cc1 will only use exec-shield if it
> has a PT_GNU_STACK program segment.  Unfortunately objcopy can't fix
> that for you.  Also unfortunately I don't think anybody has added a

There is execstack(8) utility which allows to tweak this.

> linker option to disable creating such a segment.  Also unfortunately
> the linker options which do exist are not documented.  Grrrr.

ld --help | grep stack
  -z execstack          Mark executable as requiring executable stack
  -z noexecstack        Mark executable as not requiring executable stack
as --help | grep stack
  --execstack             require executable stack for this object
  --noexecstack           don't require executable stack for this object

Still, I really think PCH has problems with randomization, not
non-executable stack, and randomization at least ought to be orthogonal
to whether stack is executable or not.

	Jakub
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]