On Thu, Aug 05, 2021 at 05:05:05PM +0200, Daniel Kiper wrote:
> On Mon, Aug 02, 2021 at 05:40:57PM +0800, Michael Chang via Grub-devel wrote:
> > The gcc by default assumes executable stack is required if the source
> > object file doesn't have .note.GNU-stack section in place. If any of the
> > source objects doesn't incorporate the GNU-stack note, the resulting
> > program will have executable stack flag set in PT_GNU_STACK program
> > header to instruct program loader or kernel to set up the executable
> > stack when program loads to memory.
> >
> > Usually the .note.GNU-stack section will be generated by gcc
> > automatically if it finds that executable stack is not required. However
> > it doesn't take care of generating .note.GNU-stack section for those
> > object files built from assembler sources. This leads to unnecessary
> > risk of security of exploiting the executable stack because those
> > assembler sources don't actually require stack to be executable to work.
> >
> > The grub-emu and grub-emu-lite are found to flag stack as executable
> > revealed by execstack tool.
>
> Did you test all executables for all supported architectures and platforms?

No. But the test should cover grub executables on as many platforms as
possible as follows.

i386-pc
i386-efi
x86_64-efi
powerpc-ieee1275
arm64-efi
x86_64-xen
x86_64-emu
arm64-emu

> > $ mkdir -p build-emu && cd build-emu
> > $ ../configure --with-platform=emu && make
> > $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
> > X grub-core/grub-emu
> > X grub-core/grub-emu-lite
> >
> > This patch will add the missing GNU-stack note to the assembler source
> > used by both utilities, therefore the result doesn't count on gcc
> > default behavior and the executable stack is disabled.
> >
> > $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
> > - grub-core/grub-emu
> > - grub-core/grub-emu-lite
> >
> > Signed-off-by: Michael Chang <mch...@suse.com>
>
> Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>

Thanks for reviewing the patch.

Regards,
Michael

>
> Daniel
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel