Closed
Bug 1357216
Opened 7 years ago
Closed 7 years ago
NSS inadvertently marks the stack executable
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mt, Assigned: mt)
Details
This is a regression of bug 320497. We have added quite a few GNU assembly files to the build, some of which do not include the magic incantation: .section .note.GNU-stack,"",@progbits Without this, libfreeblpriv3.so ends up requesting an executable stack. See https://news.ycombinator.com/item?id=11599909 I don't know if Firefox already requires an executable stack for other reason (the javascript VM maybe), but other programs are being exposed to unnecessary risk as a result of this error. Rather than patch in this arcane syntax for every new file, it is easier to tell the linker not to create an executable stack. Adding -z noexecstack to the linker command line avoids the problem.
Assignee | ||
Comment 1•7 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/89c818ff7f8b0a47c253f6f794addbd633f5ba23
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Version: trunk → 3.31
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → martin.thomson
Updated•7 years ago
|
Group: crypto-core-security → core-security-release
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•