https://sourceware.org/bugzilla/show_bug.cgi?id=29072
Bug ID: 29072
Summary: ld silently makes the program stack area executable if a
nested function is used
Product: binutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: rui314 at gmail dot com
Target Milestone: ---

GCC's nested function feature
(https://gcc.gnu.org/onlinedocs/gcc/Nested-Functions.html) depends on the
executable stack, so the feature has a huge implication for a generated
program's security. Essentially, using the nested function feature makes the
entire program vulnerable to a simple buffer overflow attack.

GNU ld makes the stack area executable if at least one object file contains a
`.note.GNU-stack` section with `SHF_EXECINSTR`. GCC emits such a section if the
nested function feature is used.

I think this surprises users. If you link against an object file that contains
such a note section, the program's entire executable becomes executable without
any notice. Frankly, this looks very dangerous to me.

Can we make a change to GNU ld so that it at least prints out a warning message
for the executable stack? If a user explicitly requests the executable stack by
passing `-z execstack`, then we can mute the warning.
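
A check for the condition this report describes, applied to the linked output instead of at link time: it reads the `PT_GNU_STACK` program header, where the linker records the stack permissions, and reports whether the execute flag is set. This is an added example, not part of the bug report or of binutils; `stack_state` and `sample_elf` are hypothetical names, the sample images are constructed, and only little-endian ELF64 is handled.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # segment flag: executable

def stack_state(elf: bytes) -> str:
    """Classify a linked ELF64 image by its PT_GNU_STACK program header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        # Elf64_Phdr starts with p_type (4 bytes) followed by p_flags (4 bytes).
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return "executable" if p_flags & PF_X else "non-executable"
    return "no PT_GNU_STACK"

def sample_elf(stack_flags=None) -> bytes:
    """Constructed minimal image: ELF header, one PT_LOAD, optional PT_GNU_STACK."""
    phdrs = [struct.pack("<IIQQQQQQ", 1, 5, 0, 0, 0, 0, 0, 0x1000)]  # PT_LOAD, R+X
    if stack_flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags,
                                 0, 0, 0, 0, 0, 16))
    ehdr = struct.pack("<16sHHIQQQIHHHHHH",
                       b"\x7fELF\x02\x01\x01" + bytes(9),  # ELF64, little-endian
                       2, 62, 1,       # ET_EXEC, EM_X86_64, EV_CURRENT
                       0, 64, 0, 0,    # e_entry, e_phoff, e_shoff, e_flags
                       64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)

if __name__ == "__main__":
    # Constructed samples first, then any real binaries named on the command line.
    for label, flags in (("RWX stack", 7), ("RW stack", 6), ("no header", None)):
        print(f"sample ({label}): {stack_state(sample_elf(flags))}")
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(f"{path}: {stack_state(f.read())}")
```

Run over build outputs in CI, a result of "executable" flags a binary whose stack became executable during linking, whether or not `-z execstack` was passed.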