From: Rich Felker Date: Wed, 3 Oct 2012 15:49:58 +0000 (-0400) Subject: tell the assembler to mark all files as not requiring executable stack X-Git-Url: http://nsz.repo.hu/git/?p=musl;a=commitdiff_plain;h=adefe830dd376be386df5650a09c313c483adf1a;ds=sidebyside tell the assembler to mark all files as not requiring executable stack for some reason this option is undocumented. not sure when it was added, so I'm using a configure test. gcc was already setting the mark correctly for C files, but assembler source files would need ugly .note boilerplate in every single file to achieve this without the option to the assembler. blame whoever thought it would be a good idea to make the stack executable by default rather than doing it the other way around...
---
diff --git a/configure b/configure
index 2969b950..9b06d2b4 100755
--- a/configure
+++ b/configure
@@ -247,6 +247,13 @@ fi
 tryflag CFLAGS_AUTO -fno-unwind-tables
 tryflag CFLAGS_AUTO -fno-asynchronous-unwind-tables
+#
+# The GNU toolchain defaults to assuming unmarked files need an
+# executable stack, potentially exposing vulnerabilities in programs
+# linked with such object files. Fix this.
+#
+tryflag CFLAGS_AUTO -Wa,--noexecstack
+
 #
 # Some optimization levels add bloated alignment that hurt performance
 #
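Review bot: The added `tryflag CFLAGS_AUTO -Wa,--noexecstack` line is best-effort, and the comment's "Fix this." hides that. `tryflag` is defined outside the hunk, but it presumably drops the option when the probe fails, in which case the assembler objects stay unmarked and the build still succeeds with nothing but the configure output to show it. Since the commit message says it is unknown when the option was introduced, I would extend the comment with something like `# If the assembler rejects this option the flag is silently omitted; check the result with readelf -lW (GNU_STACK should be RW, not RWE).` A post-build check of the `.note.GNU-stack` marking on the assembled objects would turn a silent regression on an older toolchain into a visible one.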