Okay, so the problem is that setting the noexecstack attribute at the
asm level (-Wa,--noexecstack in CFLAGS) is useless: even without it,
.note.GNU-stack is never marked as executable unless you have nested
functions.
What works is setting the attribute at the link level
(-Wl,-z,noexecstack in LDFLAGS), and if it's not done, apparently
GNU toolchains still mark the stack as executable by default in the
binaries.
I will change the configure scripts to specify noexecstack at the
LDFLAGS level. Thanks for bringing this to my attention :)
--
Laurent
Received on Thu Apr 08 2021 - 12:25:02 UTC