I added support for non-executable stacks on the amd64 and PowerPC architectures some time ago, but did not enable it. The time that has passed allowed some bugs in the implementation to be fixed, and I consider it would be good to have NX stacks enabled for architectures that support it.

I plan to commit the following knob twiddle in approximately a week. Some ports, if any, that erroneously handle the PT_GNU_STACK phdr may break. Anybody interested should and could test the change before the commit, by setting sysctl kern.elf64.nxstack and kern.elf32.nxstack to 1.

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c index b41741a..7358e40 100644 --- a/sys/kern/imgact_elf.c +++ b/sys/kern/imgact_elf.c _at__at_ -116,7 +115,12 _at__at_ static int elf_legacy_coredump = 0; SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW, &elf_legacy_coredump, 0, ""); -static int __elfN(nxstack) = 0; +static int __elfN(nxstack) = +#if defined(__amd64__) || defined(__powerpc__) /* both 64 and 32 bit */ + 1; +#else + 0; +#endif SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, nxstack, CTLFLAG_RW, &__elfN(nxstack), 0, __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
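
Review bot: The comment `/* both 64 and 32 bit */` on the `#if defined(__amd64__) || defined(__powerpc__)` line does not say whether it refers to the PowerPC variants or to the ELF word size. Because `__elfN(nxstack)` is instantiated per word size, the new default of 1 presumably also applies to `kern.elf32.nxstack` on amd64, so the comment should spell out which architecture and word-size combinations get the default. The initializer is also split across the preprocessor branches (the `=` sits before `#if`, with `1;` and `0;` inside), which is easy to break when editing; choosing the default through a macro inside the `#if` and keeping a single `static int __elfN(nxstack) = ...;` statement would read better. Since the knob stays `CTLFLAG_RW`, the commit message or the description string could also mention that setting it back to 0 restores the old behaviour for ports that mishandle PT_GNU_STACK.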