bug-binutils

From: rui314 at gmail dot com
Subject: [Bug ld/29072] New: ld silently make the program stack area executable if nested function is used
Date: Tue, 19 Apr 2022 09:40:56 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29072

            Bug ID: 29072
           Summary: ld silently make the program stack area executable if
                    nested function is used
           Product: binutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: rui314 at gmail dot com
  Target Milestone: ---

GCC's nested function
(https://gcc.gnu.org/onlinedocs/gcc/Nested-Functions.html) depends on the
executable stack, so the feature has a huge implication on a generated
program's security. Essentially, using the nested function feature makes the
entire program vulnerable to a simple buffer overflow attack.

GNU ld makes the stack area executable if at least one object file contains a
`.note.GNU-stack` section with `SHF_EXECINSTR`. GCC emits such a section if the
nested function feature is used.

I think this surprises users. If you link against an object file that contains
such a note section, the program's entire executable becomes executable without
any notice. Frankly, this looks very dangerous to me.

Can we make a change to GNU ld so that it at least prints out a warning message
for the executable stack? If a user explicitly requests the executable stack by
passing `-z execstack`, then we can mute the warning.

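An added example, not part of the original report and not binutils code: a pre-link audit that reads the section headers of ELF64 little-endian object files and reports which inputs carry a `.note.GNU-stack` section with `SHF_EXECINSTR`, the condition the report describes. The helper names and the sample objects built by `make_object` are constructed for illustration.

```python
import struct

SHF_EXECINSTR = 0x4                          # section flag from the ELF spec
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")    # ELF64 file header, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")          # ELF64 section header

def gnu_stack_note(obj: bytes) -> str:
    """Classify an ELF64 LE object: 'exec', 'noexec' or 'missing'."""
    if obj[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    eh = EHDR.unpack_from(obj, 0)
    shoff, shnum, shstrndx = eh[6], eh[12], eh[13]
    shdrs = [SHDR.unpack_from(obj, shoff + i * SHDR.size) for i in range(shnum)]
    strtab = shdrs[shstrndx][4]              # file offset of the section name table
    for name, _type, flags, *_ in shdrs:
        start = strtab + name
        if obj[start:obj.index(b"\0", start)] == b".note.GNU-stack":
            return "exec" if flags & SHF_EXECINSTR else "noexec"
    return "missing"

def objects_requesting_execstack(objs: dict) -> list:
    """Names of the link inputs whose note carries SHF_EXECINSTR."""
    return sorted(n for n, data in objs.items() if gnu_stack_note(data) == "exec")

def make_object(note_flags=None) -> bytes:
    """Constructed sample: ELF64 relocatable holding only section headers."""
    names = b"\0.shstrtab\0.note.GNU-stack\0"
    shoff = EHDR.size + len(names)
    shdrs = [SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                        # null section
             SHDR.pack(1, 3, 0, 0, EHDR.size, len(names), 0, 0, 1, 0)]       # .shstrtab
    if note_flags is not None:
        shdrs.append(SHDR.pack(11, 1, note_flags, 0, shoff, 0, 0, 0, 1, 0))  # empty note
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 1, 62, 1, 0, 0, shoff, 0,                        # ET_REL, x86-64
                     EHDR.size, 0, 0, SHDR.size, len(shdrs), 1)
    return ehdr + names + b"".join(shdrs)

if __name__ == "__main__":
    inputs = {"main.o": make_object(0),                  # stack marked non-executable
              "nested.o": make_object(SHF_EXECINSTR),    # as GCC emits for nested functions
              "asm.o": make_object()}                    # no note at all
    for name, data in inputs.items():
        print(f"{name}: {gnu_stack_note(data)}")
    print("requests executable stack:", objects_requesting_execstack(inputs))
```

Objects reported as `missing` are listed separately because how the linker treats an absent note is not covered by the report.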