On Wed, Nov 09, 2005 at 12:00:19AM +0100, Dirk Mueller wrote: > > Hi, > > the appended patch makes libcrypto.so compile without executable stack > requirements. it should be portable accross all versions of binutils (and > doesn't affect any non-linux platform anyway).
The problem is that binutils assumes that assembler files without that section require an executable stack, while most don't. This means that on all platforms that use gnu binutils something is required for all (generated) assembler files (not created by gcc), not just for x86. You don't have the problem with .c files since gcc will add the proper section if it needs to, which is in most cases. There are cases where gcc will generate assembler that requires an executable stack too. This means either patching all those generated files, or telling the assembler (with -Wa,--noexecstack) that it shouldn't generate an executable stack. I would prefer the first, but I don't see how to make that portable in an easy way. The problem with an executable stack is probaly obvious to most people, in case of a security bug it's ussually the most easy way to exploit it. The Linux kernel now has the abbility to make the stack executable on request, specialy on hardware with the "NX" bit. There exist patches that do not allow you to have an executable stack. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
