On Wed, Aug 22, 2012 at 9:41 PM, Mike Frysinger <[email protected]> wrote:
> On Wednesday 22 August 2012 18:28:52 Russ Allbery wrote:
>> special exceptions.  Being able to turn off executable stack as at least
>> another easily-accessible option is an interesting idea, and I may raise
>> that on debian-devel.  (Although it can be a little hard to predict which
>> packages need that.
>
> it's trivial to locate:
>         readelf -lW /bin/bash | grep GNU_STACK
> if it's set as RWE, that's bad.  if the ELF lacks a GNU_STACK, that's bad.
I believe there is more to it. The PT_GNU_STACK marking must be
present *and* have a size of 0. See Ian Lance Taylor's blog
http://www.airs.com/blog/archives/120.

Trivia: How does one audit a Gentoo binary for no-exec heap
compliance? Hint: it's not readelf because Gentoo did not modify the
utility to dump PaX flags. (I'm asking because it took me some time to
discover the information).

Jeff

_______________________________________________
Autoconf mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/autoconf
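
The readelf check discussed in this thread, as an added example that is not part of the original messages: it reads the ELF program headers directly and reports whether PT_GNU_STACK is missing or executable, along with its memory size so the size criterion raised in the reply can be checked as well. The function names and the constructed sample ELF are assumptions made for illustration.

```python
import struct
import sys

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

def gnu_stack(data):
    """Return (p_flags, p_memsz) of PT_GNU_STACK, or None if the header is absent."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF file")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type != PT_GNU_STACK:
            continue
        if is64:  # Elf64_Phdr: p_flags at +4, p_memsz at +0x28
            (flags,) = struct.unpack_from(end + "I", data, off + 4)
            (memsz,) = struct.unpack_from(end + "Q", data, off + 0x28)
        else:     # Elf32_Phdr: p_memsz at +0x14, p_flags at +0x18
            memsz, flags = struct.unpack_from(end + "II", data, off + 0x14)
        return flags, memsz
    return None

def audit(data):
    """Apply the rule quoted in the thread: a missing header or RWE is bad."""
    hdr = gnu_stack(data)
    if hdr is None:
        return "BAD: no PT_GNU_STACK"
    flags, memsz = hdr
    perms = "".join(c for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X)) if flags & b)
    return f"{'BAD' if flags & PF_X else 'ok'}: GNU_STACK {perms} MemSiz={memsz:#x}"

def sample_elf64(p_type, p_flags):
    """Constructed sample: little-endian ELF64 header plus one program header."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 16)

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. /bin/bash
        with open(path, "rb") as f:
            print(path, audit(f.read()))
```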
