Hello all,

Kostik Belousov is currently working on a patchset for FreeBSD to make no-exec stacks work on i386 and amd64. Support for this is long overdue, but limitations to the way signal handling is implemented on those architectures has made it a bit tougher to implement this.

If I understand the patchset correctly, processes will only use a no-exec stack if the executable and its libraries don't depend on it being executable. This is done by adding a marker to all object files. For C files, this seems to be done automatically, but for assembly files, we need to mark them manually.

Kostik is proposing the following patchset to be committed to FreeBSD HEAD:

  http://people.freebsd.org/~kib/misc/nxstack.2.patch

Would it be possible for the compiler-rt changes (in contrib/compiler-rt) to get upstreamed? Thanks.

Since all the code in compiler-rt does not execute anything on the stack, is there some command line option that will add that section? That way every .s file will not need to be touched.

Alternately, is there some way to add the section directive to the assembly.h file, that way every file will get it without having to change every .S file?

I'm fine with adding this information, just modifying every .S file and adding a macro seems fragile.

-Nick

Hi Nick,

i don't know about other toolchains but GNU binutils supports 'as --noexecstack' and 'ld -z noexecstack'
if you want to avoid changing the .S files.