[Asterisk-code-review] Build system: Avoid executable stack. (asterisk[18])

George Joseph asteriskteam at digium.com
Mon Nov 21 10:49:23 CST 2022 

George Joseph has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/19546 )

Change subject: Build system: Avoid executable stack.
......................................................................

Build system: Avoid executable stack.

Found in res_geolocation, but I believe others may have similar issues,
thus not linking to a specific issue.

Essentially gcc doesn't mark the stack for being non-executable unless
it's compiling the source, this informs ld via gcc to mark the object as
not requiring an executable stack (which a binary blob obviously
doesn't).

ASTERISK-30321

Change-Id: I71bcc2fd1fe0c82a28b3257405d6f2b566fd9bfc
Signed-off-by: Jaco Kroon <jaco at uls.co.za>
---
M Makefile.rules
1 file changed, 22 insertions(+), 2 deletions(-)

Approvals:
  George Joseph: Looks good to me, approved; Approved for Submit




diff --git a/Makefile.rules b/Makefile.rules
index e6b6589..7b508e6 100644
--- a/Makefile.rules
+++ b/Makefile.rules
@@ -213,10 +213,10 @@
 # extern const size_t _binary_abc_def_xml_size;
 %.o: %.xml
 	$(ECHO_PREFIX) echo "   [LD] $^ -> $@"
-	$(CMD_PREFIX) $(CC) -g -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
+	$(CMD_PREFIX) $(CC) -g -Wl,-znoexecstack -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
 
 %.o: %.xslt
 	$(ECHO_PREFIX) echo "   [LD] $^ -> $@"
-	$(CMD_PREFIX) $(CC) -g -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
+	$(CMD_PREFIX) $(CC) -g -Wl,-znoexecstack -nostartfiles  -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^
 
 dist-clean:: clean

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/19546
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 18
Gerrit-Change-Id: I71bcc2fd1fe0c82a28b3257405d6f2b566fd9bfc
Gerrit-Change-Number: 19546
Gerrit-PatchSet: 3
Gerrit-Owner: Jaco Kroon <jaco at uls.co.za>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20221121/8e9bd8e1/attachment.html>

More information about the asterisk-code-review mailing list