bug-binutils

[Bug ld/29072] ld silently make the program stack area executable if nes


From: nickc at redhat dot com
Subject: [Bug ld/29072] ld silently make the program stack area executable if nested function is used
Date: Tue, 26 Apr 2022 12:11:20 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29072

Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #16 from Nick Clifton <nickc at redhat dot com> ---
(In reply to H.J. Lu from comment #15)
> Is the goal to remove nested functions?

No - the goal is to improve the security of programs by letting their builders
know that they have a vulnerability.  They *may* choose to address the
vulnerability by removing nested functions from their code - if that was the
cause - but they may also decide that the vulnerability is acceptable and
instead add --no-warn-execstack to the linker command line.  Or just ignore the
warning.

The point of the warning is that it gives program builders a prompt to decide
what is best for them.  By informing them of the potential security
vulnerability - something that they may not have realised was happening to
their program - they then have a reason to perform a security review of their
code, and can decide what to do.

As for builders who are unaware of the risks of executable stacks and the
dangers of nested functions - and hence will be confused by this new warning -
I intend to write a blog about the problem and its possible solutions.  It is
my hope that a web search will turn up this blog, and so they will be able to
find some advice on what to do.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

