On Sun, Jan 23, 2005 at 10:29:12PM +0100, Jeroen van Wolffelaar wrote: > Greg: Ease of adding, and potentional negative benefits would be very > nice to have, and if it's going to be in policy, for lintian a way to > check for it.
Purpose: PT_GNU_STACK is used to mark binaries which require an executable stack. This allows security systems, such as SELinux of grsecurity, to enable same only when required. Ease of adding: Recent versions of gcc (3.3.x) add PT_GNU_STACK by default, so pretty much anything compiled under sarge or later will pick it up automatically. It can be disabled by either the compiler or linker if necessary. Negative effects: None that I'm aware of, at least with gcc 3.3.5. I understand that earlier versions (dunno which ones, specifically) were sometimes too optimistic when determining whether or not an executable stack was required. I'm not sure how lintian might go about checking for this... I can only say that `execstack -q' and `objdump -p' will both show this information. I'll do some looking, and see if I can find anything more concrete. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]