Bug 103863 - We need a warning for loss of no-exec stacks
Status: UNCONFIRMED
Alias: None
Product: gcc
Classification: Unclassified
Component: driver
Version: unknown
Importance: P3 enhancement
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: diagnostic
Blocks: new-warning, new_warning
Reported: 2021-12-30 01:59 UTC by Jeffrey Walton
Modified: 2024-04-28 21:07 UTC (History)

Description Jeffrey Walton 2021-12-30 01:59:55 UTC
Hello,

This is a feature request.

For targets that support no-exec stacks, we need a warning when GCC generates code or drives the linker with loss of no-exec stacks.

The warning would be beneficial for most builds nowadays since no-exec stacks are part of most distro hardening. For example, Debian and Fedora both incorporate it into their build system; and special steps must be taken to avoid no-exec stacks out of the box.

The warning would also be beneficial in cases like https://bugzilla.redhat.com/show_bug.cgi?id=2035802. In the 2035802 bug, an ARM machine failed to boot because libz contained executable stacks even though they were not needed.

A specific warning for no-exec stacks is slightly different than -Wtrampolines. While trampolines resulted in executable stacks in the past, that may not hold in the future as lambdas are added to the language. And trampolines are not a necessary precondition to get in an insecure state like the 2035802 bug shows.

It is most unfortunate that ASM files need special handling because the object files are marked with executable stacks by default. Maybe that should be another bug report to change default behavior since the strategy nowadays is: no-exec stacks by default, do something special for executable stacks.

Thanks in advance.
Comment 1 Andrew Pinski 2021-12-30 02:04:57 UTC
I think the warning needs to be implemented in the linker rather than in GCC because the linker is what decides if executable stacks are needed or not.
Comment 2 Jeffrey Walton 2021-12-30 02:27:33 UTC
(In reply to Andrew Pinski from comment #1)
> I think the warning needs to be implemented in the linker rather than in GCC
> because the linker is what decides if executable stacks are needed
> or not.

Thanks Andrew.

I thought about a linker warning, too. Do they have to be mutually exclusive (warning in compiler vs warning in linker)?

I also asked the Binutils folks for some feedback: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103863.
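
Until such a warning exists, a build can check the result itself. The following is an added example, not code from GCC, binutils or anyone in this thread: it reads the per-object `.note.GNU-stack` section and the linked file's `PT_GNU_STACK` program header. It assumes little-endian ELF64 input; `stack_status`, `sample_binary` and `sample_object` are hypothetical names, and the sample files are constructed in the script.

```python
import struct

PT_GNU_STACK, PF_X = 0x6474E551, 0x1
ET_REL, SHF_EXECINSTR = 1, 0x4
EHDR, PHDR, SHDR = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<IIQQQQIIQQ"

def stack_status(elf: bytes) -> str:
    """Return 'noexec', 'exec' or 'unmarked' for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    (_, e_type, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, shstrndx) = struct.unpack_from(EHDR, elf)
    if e_type == ET_REL:
        # Object files carry the request as an empty .note.GNU-stack section.
        secs = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
        names = secs[shstrndx][4]  # file offset of the section-name string table
        for sh in secs:
            start = names + sh[0]
            if elf[start:elf.index(b"\0", start)] == b".note.GNU-stack":
                return "exec" if sh[2] & SHF_EXECINSTR else "noexec"
        return "unmarked"  # the ASM-file case raised in the description
    # Executables and shared objects carry the linker's decision in PT_GNU_STACK.
    for i in range(phnum):
        p_type, p_flags = struct.unpack_from(PHDR, elf, phoff + i * phentsize)[:2]
        if p_type == PT_GNU_STACK:
            return "exec" if p_flags & PF_X else "noexec"
    return "unmarked"

def sample_binary(p_flags):
    """Constructed sample: ELF64 header plus a single PT_GNU_STACK program header."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack(EHDR, ident, 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    return ehdr + struct.pack(PHDR, PT_GNU_STACK, p_flags, 0, 0, 0, 0, 0, 16)

def sample_object(note_flags=None):
    """Constructed sample: ET_REL file with .shstrtab and, optionally, .note.GNU-stack."""
    strtab = b"\0.shstrtab\0.note.GNU-stack\0"
    secs = [(0, 0, 0, 0, 0), (1, 3, 0, 64, len(strtab))]  # (name, type, flags, offset, size)
    if note_flags is not None:
        secs.append((11, 1, note_flags, 0, 0))
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack(EHDR, ident, 1, 62, 1, 0, 0, 64 + len(strtab), 0, 64, 0, 0, 64, len(secs), 1)
    return ehdr + strtab + b"".join(struct.pack(SHDR, n, t, f, 0, o, s, 0, 0, 1, 0) for n, t, f, o, s in secs)
```

A build step can fail on anything other than `noexec`, which catches both an object that asks for an executable stack and one that carries no marking at all.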