tell the assembler to mark all files as not requiring executable stack

for some reason this option is undocumented. not sure when it was added, so I'm using a configure test. gcc was already setting the mark correctly for C files, but assembler source files would need ugly .note boilerplate in every single file to achieve this without the option to the assembler. blame whoever thought it would be a good idea to make the stack executable by default rather than doing it the other way around...
author: Rich Felker <dalias@aerifal.cx> 2012-10-03 11:49:58 -0400
committer: Rich Felker <dalias@aerifal.cx> 2012-10-03 11:49:58 -0400
commit: adefe830dd376be386df5650a09c313c483adf1a (patch)
tree: 08fa664f481973d2e4d0e58189f697d2792c4ce3
parent: 030e52639248ac8417a4934298caa78c21a228d1 (diff)
download: musl-adefe830dd376be386df5650a09c313c483adf1a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/configure b/configure
index 2969b950..9b06d2b4 100755
--- a/configure
+++ b/configure
@@ -248,6 +248,13 @@ tryflag CFLAGS_AUTO -fno-unwind-tables
 tryflag CFLAGS_AUTO -fno-asynchronous-unwind-tables
 
 #
+# The GNU toolchain defaults to assuming unmarked files need an
+# executable stack, potentially exposing vulnerabilities in programs
+# linked with such object files. Fix this.
+#
+tryflag CFLAGS_AUTO -Wa,--noexecstack
+
+#
 # Some optimization levels add bloated alignment that hurt performance
 #
 tryflag CFLAGS_AUTO -falign-functions=1
author	Rich Felker <dalias@aerifal.cx>	2012-10-03 11:49:58 -0400
committer	Rich Felker <dalias@aerifal.cx>	2012-10-03 11:49:58 -0400
commit	adefe830dd376be386df5650a09c313c483adf1a (patch)
tree	08fa664f481973d2e4d0e58189f697d2792c4ce3
parent	030e52639248ac8417a4934298caa78c21a228d1 (diff)
download	musl-adefe830dd376be386df5650a09c313c483adf1a.tar.gz