path: root/configure
diff options
authorRich Felker <>2012-10-03 11:49:58 -0400
committerRich Felker <>2012-10-03 11:49:58 -0400
commitadefe830dd376be386df5650a09c313c483adf1a (patch)
tree08fa664f481973d2e4d0e58189f697d2792c4ce3 /configure
parent030e52639248ac8417a4934298caa78c21a228d1 (diff)
tell the assembler to mark all files as not requiring executable stack
for some reason this option is undocumented. not sure when it was added, so I'm using a configure test. gcc was already setting the mark correctly for C files, but assembler source files would need ugly .note boilerplate in every single file to achieve this without the option to the assembler. blame whoever thought it would be a good idea to make the stack executable by default rather than doing it the other way around...
Diffstat (limited to 'configure')
1 files changed, 7 insertions, 0 deletions
diff --git a/configure b/configure
index 2969b950..9b06d2b4 100755
--- a/configure
+++ b/configure
@@ -248,6 +248,13 @@ tryflag CFLAGS_AUTO -fno-unwind-tables
tryflag CFLAGS_AUTO -fno-asynchronous-unwind-tables
+# The GNU toolchain defaults to assuming unmarked files need an
+# executable stack, potentially exposing vulnerabilities in programs
+# linked with such object files. Fix this.
+tryflag CFLAGS_AUTO -Wa,--noexecstack
# Some optimization levels add bloated alignment that hurt performance
tryflag CFLAGS_AUTO -falign-functions=1