Hello,
what is the way to package programs which are containing code which will be executed on stack? Since this "feature" conflicts with exec-shield, the package-build may fail in the %check stage, or on the user-side.
A program suffering from this is qemu[1]; I tried the chstk tool[2], but it fails with
| ./qemu: Unknown file type
which is probably caused by a "strange" (but required) linking.
I read the RELEASE-NOTES also which state that
| NOTE: Binary marking (the ability to identify those binaries that | should run with Exec-shield enabled/disabled) is not yet implemented.
Does there exist a clean way to mark execute-on-stack programs in the meantime?
Enrico
Footnotes: [1] http://fabrice.bellard.free.fr/qemu/ https://bugzilla.fedora.us/show_bug.cgi?id=623
On Thu, Aug 28, 2003 at 03:13:44PM +0200, Enrico Scholz wrote:
A program suffering from this is qemu[1]; I tried the chstk tool[2], but it fails with
That's from an earlier way of marking. There's now a different way of doing it. I don't think that new way is yet supported in the kernel that we shipped, but I may misremember... The latest kernel in RHN (and tomorrow in rawhide) has the latest exec-shield in it.
If you build something with gas directly, you can pass the --execstack option to gas; otherwise, use the compiler argument -Wa,--execstack to tell the compiler to tell gas to request an executable stack.
Alternatively, if you have assembler sources, you can also add .section .note.GNU-stack,"x"; .previous to the assembler source; that's what the --execstack option does.
How that needs to be factored into qemu building I don't know; as you point out, that may be a bit complex...
michaelkjohnson
"He that composes himself is wiser than he that composes a book." Linux Application Development -- Ben Franklin http://people.redhat.com/johnsonm/lad/
johnsonm@redhat.com ("Michael K. Johnson") writes:
[... Disabling execshield for certain binaries ...] If you build something with gas directly, you can pass the --execstack option to gas; otherwise, use the compiler argument -Wa,--execstack to tell the compiler to tell gas to request an executable stack.
Thanks. Have I to do this for every source-file, or just once for each binary? What is with the '-z execstack' option for ld?
Alternatively, if you have assembler sources, you can also add .section .note.GNU-stack,"x"; .previous to the assembler source; that's what the --execstack option does.
Have I to be carefully when executing 'strip -R.note' on such binaries?
Enrico
On Thu, Sep 04, 2003 at 01:46:04AM +0200, Enrico Scholz wrote:
Thanks. Have I to do this for every source-file, or just once for each binary? What is with the '-z execstack' option for ld?
That's yet another way. You'd use the assembler method if you were going to be creating a library archive and didn't know if the object requiring execstack was going to be included or not.
The linker switch overrides everything that may have been stored in the object files.
Have I to be carefully when executing 'strip -R.note' on such binaries?
Not the linked binary. We create a PT_GNU_STACK header that the kernel is to use. You can't strip that.
r~