SUSE:SLE-15-SP2:Update
File 0001-emu-fix-executable-stack-marking.patch of Package grub2.28279
From 4cc06bef26c3573309086bec4472cc9151b0379e Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Mon, 1 Feb 2021 20:14:12 +0800
Subject: [PATCH] emu: fix executable stack marking

The gcc by default assumes executable stack is required if the source
object file doesn't have .note.GNU-stack section in place. If any of the
source objects doesn't incorporate the GNU-stack note, the resulting
program will have executable stack flag set in PT_GNU_STACK program
header to instruct program loader or kernel to set up the executable
stack when program loads to memory.

Usually the .note.GNU-stack section will be generated by gcc
automatically if it finds that executable stack is not required. However
it doesn't take care of generating .note.GNU-stack section for those
object files built from assembler sources. This leads to unnecessary
risk of security of exploiting the executable stack because those
assembler sources don't actually require stack to be executable to work.

The grub-emu and grub-emu-lite are found to flag stack as executable
revealed by execstack tool.

  $ mkdir -p build-emu && cd build-emu
  $ ../configure --with-platform=emu && make
  $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
  X grub-core/grub-emu
  X grub-core/grub-emu-lite

This patch will add the missing GNU-stack note to the assembler source
used by both utilities, therefore the result doesn't count on gcc
default behavior and the executable stack is disabled.

  $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
  - grub-core/grub-emu
  - grub-core/grub-emu-lite

Signed-off-by: Michael Chang <mchang@suse.com>
---
 grub-core/kern/emu/cache_s.S | 5 +++++
 grub-core/lib/setjmp.S | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/grub-core/kern/emu/cache_s.S b/grub-core/kern/emu/cache_s.S index 7bb1e1441..fca85c69e 100644 --- a/grub-core/kern/emu/cache_s.S +++ b/grub-core/kern/emu/cache_s.S 
@@ -2,6 +2,11 @@ #error "This source is only meant for grub-emu platform" #endif +/* An executable stack is not required for these functions */ +#if defined (__linux__) && defined (__ELF__) +.section .note.GNU-stack,"",@progbits +#endif + #if defined(__i386__) || defined(__x86_64__) /* Nothing is necessary. */ #elif defined(__sparc__) diff --git a/grub-core/lib/setjmp.S b/grub-core/lib/setjmp.S index a37467760..16f676368 100644 --- a/grub-core/lib/setjmp.S +++ b/grub-core/lib/setjmp.S @@ -1,3 +1,7 @@ +/* An executable stack is not required for these functions */ +#if defined (__linux__) && defined (__ELF__) +.section .note.GNU-stack,"",@progbits +#endif #if defined(__i386__) #include "./i386/setjmp.S" #elif defined(__x86_64__) -- 2.30.0
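Review bot: In the cache_s.S hunk, the section type in the added `.section .note.GNU-stack,"",@progbits` line is spelled with `@`, but the guard around it only tests `__linux__` and `__ELF__`, and this file is assembled for more than x86 (the context shows a `__sparc__` branch). GNU as treats `@` as the start of a comment on some targets, ARM among them, where the type is written `%progbits`; `%progbits` is also accepted on x86. Suggest `.section .note.GNU-stack,"",%progbits` so the directive does not depend on the target's comment character.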
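Review bot: In the setjmp.S hunk, the `.section .note.GNU-stack` block sits ahead of the `#include "./i386/setjmp.S"` chain, so the note section is the current section when each included file starts, and correct placement of their code relies on every one of them switching sections itself. Suggest moving the block after the architecture includes, or following it with an explicit `.text`, so nothing can be emitted into the note section by accident. As a style point, this hunk also omits the blank line after `#endif` that the cache_s.S hunk leaves before the next `#if`.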