Alan Coopersmith wrote:
> This all looks good to me. The one thing I wonder about changing:
>
>> By default, the stack has READ, WRITE, and EXECUTE permissions. The EXECUTE
>> setting exists for historical reasons. It is rarely if ever needed and is
>> generally considered to be a potential security risk. Removing EXECUTE
>> permission from the stack is a recommended practice:
>>
>> STACK {
>>         FLAGS -= EXECUTE;
>> };
>
> Is there any reason to not just say "If you're using a version 2 mapfile,
> stack is non-executable by default, and you have to explicitly add it in
> the very few cases it's needed" ?
>
I appreciate the sentiment, because having the stack be executable by
default is a real problem. I did think about doing that, but decided
against it for a couple of reasons:

    1) This would imply that an empty mapfile that contained nothing
       more than

           $mapfile_version 2

       would alter default behavior. I think that sort of thing needs
       to be explicit, so that there's no confusion, particularly as
       an empty version 1 mapfile has no such effect.

    2) The vast majority of applications don't use mapfiles anyway,
       and those that do are all (today) using the old syntax. This
       proposal would not reach any of them, so it misses a large
       fraction of our audience --- arguably the ones we most need
       to reach.

Anyone who understands (1) and (2) is already in a position to include
the STACK directive into their mapfiles, and is probably already doing
so (as we do in ON, and I know you do in X11).

I think this stack protection issue is better solved as part of the
solution to

    6239804 make it easier for ld(1) to do what's best

which is something we've been thinking about independently of mapfiles
(and of course, something that is not part of this case).

- Ali
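For reference, a complete version 2 mapfile that applies the STACK directive quoted above. This is an added illustration, not a file from the case, from ON or from X11; the file name mapfile.noexstack and the program name hello used below are assumptions. The comments spell out the point made in (1): the $mapfile_version line by itself leaves every default, executable stack included, untouched, and it is the explicit STACK directive that changes the flags.

```text
# mapfile.noexstack -- version 2 mapfile syntax.
#
# The $mapfile_version directive must be the first thing in the file.
# On its own it changes nothing: an otherwise empty version 2 mapfile
# leaves ld(1)'s defaults, including the READ/WRITE/EXECUTE stack, as
# they are, just as an empty version 1 mapfile does.
$mapfile_version 2

# Explicitly remove EXECUTE from the stack flags, leaving READ and WRITE.
# ld(1) records the requested flags in the PT_SUNWSTACK program header
# of the output object.
STACK {
        FLAGS -= EXECUTE;
};
```

To use it, pass the mapfile to ld(1) at link time, for example `cc -o hello hello.c -Wl,-M,mapfile.noexstack`, and then run `elfdump -c hello` on the result: the PT_SUNWSTACK entry should show p_flags of PF_W and PF_R only. Linking the same program with a mapfile containing nothing but `$mapfile_version 2` gives a comparison point for the empty-mapfile case.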