Re: rpmlint: new "executable stack" warnings on rawhide

On Sunday, 17.03.2019 at 15:00 +0100, Fabio Valentini wrote:
> On Sun, Mar 17, 2019 at 2:49 PM John Reiser <jreiser@xxxxxxxxxxxx>
> wrote:
> > > I've noticed that as of some days ago, some packages I build on
> > > rawhide are now triggering the "W: executable-stack" warning for
> > > all included executables and shared libraries.
> > > 
> > > I'm not sure which change might be the cause of this, but meson
> > > 0.50.0 seems to be a good candidate, since all my affected
> > > packages are built with meson and the new version landed six days
> > > ago.
> > > 
> > > Is that new warning something we should worry about?
> > 
> > Yes.  The warning means that an executable is not as secure as it
> > could be against malware.
> > 
> > The likely cause is some assembly-language source file that lacks a
> > line such as
> >          .section        .note.GNU-stack,"",@progbits
> > which tells the assembler and static binder (/usr/bin/ld) that
> > "the code in this file does not need an executable stack."
> 
> No, that's not it. The packages that now trigger this warning don't
> contain any assembly sources, only Vala (which is compiled to C) and
> C.
> For example: 
> https://taskotron.fedoraproject.org/artifacts/all/2ac7eb02-48a6-11e9-a48a-525400fc9f92/tests.yml/elementary-code-3.1.1-1.fc31.log
> 
> Fabio
> 
> > To identify the files that lack the line:
> >         find src -name '*.S'  |  sort  > files-S.txt
> >         grep -l note.GNU-stack  $(< files-S.txt)  > files-non-W-stack.txt
> >         comm -3 files-S.txt files-non-W-stack.txt
> > 
> > To remove the warning: append the line to the end of each file
> > listed in the output from 'comm'.


Did you check that the C code files generated from the Vala sources do
not have local functions that are called through function pointers?

See [1] as a reference.


[1]  https://www.win.tue.nl/~aeb/linux/hh/protection.html
