tell the assembler to mark all files as not requiring executable stack

[musl] / configure

diff --git a/configure b/configure
index 2969b95..9b06d2b 100755 (executable)
--- a/configure
+++ b/configure
@@ -247,6 +247,13 @@ fi
 tryflag CFLAGS_AUTO -fno-unwind-tables
 tryflag CFLAGS_AUTO -fno-asynchronous-unwind-tables
 
+#
+# The GNU toolchain defaults to assuming unmarked files need an
+# executable stack, potentially exposing vulnerabilities in programs
+# linked with such object files. Fix this.
+#
+tryflag CFLAGS_AUTO -Wa,--noexecstack
+
 #
 # Some optimization levels add bloated alignment that hurt performance
 #