1) I think I misunderstood how the kernel warning works. It may only apply to images that the kernel execve() itself directly rather than to any execve() syscall.
Looks like it. Otherwise, I would have seen zillions of warning messages
in my kernel logs, with all the executable-stack binaries I have apparently been running. XD
2) Simply compiling a Hello World program with gcc without any option and linked with musl libc produces an executable with a non-executable stack by default.
So it seems there is something in one of the skalibs that tells the linker to mark the stack as executable. I wish I could tell you what, but that is beyond my expertise.
I double-checked all the objects in skalibs, and none of them require an executable stack. But when creating libskarnet.so without "-Wl,-z,noexecstack", the resulting shared library is marked E stack. I suppose that if you link a binary against that shared library, it will be marked E stack as well. My toolchain also creates E stack binaries by default, no matter whether they're static or dynamic. It may be that my build of musl is bad. I am not interested enough in the details of what happens at the ld level to try and figure out if there's *something* that causes it to mark E stack when it should not; it requires spending much more quality time with binutils than I am comfortable with. All I know is that none of the object files in my software needs E stack, and bullying ld into doing the right thing works, so I'm content with that solution. -- Laurent