http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47656
Summary: libgo.so has writable executable stack Product: gcc Version: 4.6.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: go AssignedTo: i...@airs.com ReportedBy: dirtye...@gentoo.org For security reasons our package manager scans ELF files being installed for writable executable stacks using scanelf (pax-utils). libgo.so triggers this warning. $ scanelf -qe /usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.0-pre9999/libgo.so.0.0.0 RWX --- --- /usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.0-pre9999/libgo.so.0.0.0 $ eu-readelf -S /usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.0-pre9999/libgo.so.0.0.0 There are 31 section headers, starting at offset 0x8975e0: Section Headers: [Nr] Name Type Addr Off Size ES Flags Lk Inf Al [ 0] NULL 0000000000000000 00000000 00000000 0 0 0 0 [ 1] .hash HASH 0000000000000200 00000200 00014468 4 A 3 0 8 [ 2] .gnu.hash GNU_HASH 0000000000014668 00014668 000181e4 0 A 3 0 8 [ 3] .dynsym DYNSYM 000000000002c850 0002c850 000498a8 24 A 4 3 8 [ 4] .dynstr STRTAB 00000000000760f8 000760f8 000b1074 0 A 0 0 1 [ 5] .gnu.version GNU_versym 000000000012716c 0012716c 0000620e 2 A 3 0 2 [ 6] .gnu.version_r GNU_verneed 000000000012d380 0012d380 000000e0 0 A 4 4 8 [ 7] .rela.dyn RELA 000000000012d460 0012d460 002900b8 24 A 3 0 8 [ 8] .rela.plt RELA 00000000003bd518 003bd518 0000edd8 24 A 3 10 8 [ 9] .init PROGBITS 00000000003cc2f0 003cc2f0 00000018 0 AX 0 0 4 [10] .plt PROGBITS 00000000003cc308 003cc308 00009ea0 16 AX 0 0 4 [11] .text PROGBITS 00000000003d61b0 003d61b0 001c5dbc 0 AX 0 0 16 [12] .fini PROGBITS 000000000059bf6c 0059bf6c 0000000e 0 AX 0 0 4 [13] .rodata PROGBITS 000000000059bf80 0059bf80 000607e2 0 A 0 0 32 [14] .eh_frame_hdr PROGBITS 00000000005fc764 005fc764 0000b44c 0 A 0 0 4 [15] .eh_frame PROGBITS 0000000000607bb0 00607bb0 0003b324 0 A 0 0 8 [16] .gcc_except_table PROGBITS 0000000000642ed4 00642ed4 000027d5 0 A 0 0 4 [17] .tdata PROGBITS 0000000000846020 00646020 00000008 0 WAT 0 0 8 [18] .tbss NOBITS 0000000000846028 00646028 000000d0 0 WAT 0 0 8 [19] .ctors PROGBITS 0000000000846028 00646028 00000020 0 WA 0 0 8 [20] .dtors PROGBITS 0000000000846048 00646048 00000010 0 WA 0 0 8 [21] .jcr PROGBITS 0000000000846058 00646058 00000008 0 WA 0 0 8 [22] .data.rel.ro PROGBITS 0000000000846060 00646060 00122e88 0 WA 0 0 32 [23] .dynamic DYNAMIC 0000000000968ee8 00768ee8 000001e0 16 WA 4 0 8 [24] .got PROGBITS 00000000009690c8 007690c8 00002f10 8 WA 0 0 8 [25] .got.plt PROGBITS 000000000096bfe8 0076bfe8 00004f60 8 WA 0 0 8 [26] .data PROGBITS 0000000000970f60 00770f60 00084390 0 WA 0 0 32 [27] .bss NOBITS 00000000009f5300 007f52f0 00234bb8 0 WA 0 0 32 [28] .go_export PROGBITS 0000000000000000 007f52f0 000a21cf 0 0 0 1 [29] .gnu_debuglink PROGBITS 0000000000000000 008974bf 0000001c 0 0 0 1 [30] .shstrtab STRTAB 0000000000000000 008974db 00000102 0 0 0 1 $ gcc -v Using built-in specs. COLLECT_GCC=/usr/x86_64-unknown-linux-gnu/gcc-bin/4.6.0-pre9999/gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-unknown-linux-gnu/4.6.0-pre9999/lto-wrapper Target: x86_64-unknown-linux-gnu Configured with: /var/tmp/portage/sys-devel/gcc-4.6.0_pre9999/work/gcc-4.6.0-9999/configure --prefix=/usr --bindir=/usr/x86_64-unknown-linux-gnu/gcc-bin/4.6.0-pre9999 --includedir=/usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.0-pre9999/include --datadir=/usr/share/gcc-data/x86_64-unknown-linux-gnu/4.6.0-pre9999 --mandir=/usr/share/gcc-data/x86_64-unknown-linux-gnu/4.6.0-pre9999/man --infodir=/usr/share/gcc-data/x86_64-unknown-linux-gnu/4.6.0-pre9999/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-unknown-linux-gnu/4.6.0-pre9999/include/g++-v4 --host=x86_64-unknown-linux-gnu --build=x86_64-unknown-linux-gnu --disable-altivec --disable-fixed-point --with-ppl --with-cloog --disable-ppl-version-check --with-cloog-include=/usr/include/cloog-ppl --enable-lto --disable-nls --with-system-zlib --disable-werror --enable-secureplt --enable-multilib --disable-libmudflap --disable-libssp --enable-libgomp --enable-cld --with-python-dir=/share/gcc-data/x86_64-unknown-linux-gnu/4.6.0-pre9999/python --enable-checking=release --disable-libgcj --enable-languages=c,c++,go --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --with-bugurl=http://bugs.gentoo.org/ --with-pkgversion='Gentoo SVN' Thread model: posix gcc version 4.6.0-pre9999 20110209 (experimental) rev. 169960 (Gentoo SVN)