[Asterisk-code-review] Build system: Avoid executable stack. (asterisk[certified/18.9])

George Joseph asteriskteam at digium.com
Fri Nov 11 05:53:31 CST 2022 

George Joseph has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/19553 )


Change subject: Build system: Avoid executable stack.
......................................................................

Build system: Avoid executable stack.

Found in res_geolocation, but I believe others may have similar issues,
thus not linking to a specific issue.

Essentially gcc doesn't mark the stack for being non-executable unless
it's compiling the source, this informs ld via gcc to mark the object as
not requiring an executable stack (which a binary blob obviously
doesn't).

Change-Id: I71bcc2fd1fe0c82a28b3257405d6f2b566fd9bfc
Signed-off-by: Jaco Kroon <jaco at uls.co.za>
---
M Makefile.rules
1 file changed, 20 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/53/19553/1

diff --git a/Makefile.rules b/Makefile.rules
index e6b6589..7b508e6 100644
--- a/Makefile.rules
+++ b/Makefile.rules
@@ -213,10 +213,10 @@
 # extern const size_t _binary_abc_def_xml_size;
 %.o: %.xml
 	$(ECHO_PREFIX) echo "   [LD] $^ -> $@"
-	$(CMD_PREFIX) $(CC) -g -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
+	$(CMD_PREFIX) $(CC) -g -Wl,-znoexecstack -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
 
 %.o: %.xslt
 	$(ECHO_PREFIX) echo "   [LD] $^ -> $@"
-	$(CMD_PREFIX) $(CC) -g -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
+	$(CMD_PREFIX) $(CC) -g -Wl,-znoexecstack -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
 
 dist-clean:: clean

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/19553
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: certified/18.9
Gerrit-Change-Id: I71bcc2fd1fe0c82a28b3257405d6f2b566fd9bfc
Gerrit-Change-Number: 19553
Gerrit-PatchSet: 1
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-CC: Jaco Kroon <jaco at uls.co.za>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20221111/d542194f/attachment-0001.html>

More information about the asterisk-code-review mailing list