rpm/grub2
SHA256
1
0
Fork 0
forked from pool/grub2
Code Pull Requests Activity
448b5a32b0
grub2/0001-emu-fix-executable-stack-marking.patch
Michael Chang f58f445591 Accepting request 886638 from home:michael-chang:branches:Base:System 
- Fix build error on armv6/armv7 (bsc#1184712)
  * 0001-emu-fix-executable-stack-marking.patch

OBS-URL: https://build.opensuse.org/request/show/886638
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=381
2021-04-21 09:28:04 +00:00

71 lines
2.7 KiB
Diff
Raw Blame History

From 4cc06bef26c3573309086bec4472cc9151b0379e Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Mon, 1 Feb 2021 20:14:12 +0800
Subject: [PATCH] emu: fix executable stack marking
The gcc by default assumes executable stack is required if the source
object file doesn't have .note.GNU-stack section in place. If any of the
source objects doesn't incorporate the GNU-stack note, the resulting
program will have executable stack flag set in PT_GNU_STACK program
header to instruct program loader or kernel to set up the exeutable
stack when program loads to memory.
Usually the .note.GNU-stack section will be generated by gcc
automatically if it finds that executable stack is not required. However
it doesn't take care of generating .note.GNU-stack section for those
object files built from assembler sources. This leads to unnecessary
risk of security of exploiting the executable stack because those
assembler sources don't actually require stack to be executable to work.
The grub-emu and grub-emu-lite are found to flag stack as executable
revealed by execstack tool.
$ mkdir -p build-emu && cd build-emu
$ ../configure --with-platform=emu && make
$ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
X grub-core/grub-emu
X grub-core/grub-emu-lite
This patch will add the missing GNU-stack note to the assembler source
used by both utilities, therefore the result doesn't count on gcc
default behavior and the executable stack is disabled.
$ execstack -q grub-core/grub-emu grub-core/grub-emu-lite
- grub-core/grub-emu
- grub-core/grub-emu-lite
Signed-off-by: Michael Chang <mchang@suse.com>
---
grub-core/kern/emu/cache_s.S | 5 +++++
grub-core/lib/setjmp.S | 4 ++++
2 files changed, 9 insertions(+)
Index: grub-2.04/grub-core/kern/emu/cache_s.S
===================================================================
--- grub-2.04.orig/grub-core/kern/emu/cache_s.S
+++ grub-2.04/grub-core/kern/emu/cache_s.S
@@ -2,6 +2,11 @@
#error "This source is only meant for grub-emu platform"
#endif
+/* An executable stack is not required for these functions */
+#if defined (__linux__) && defined (__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
+
#if defined(__i386__) || defined(__x86_64__)
/* Nothing is necessary. */
#elif defined(__sparc__)
Index: grub-2.04/grub-core/lib/setjmp.S
===================================================================
--- grub-2.04.orig/grub-core/lib/setjmp.S
+++ grub-2.04/grub-core/lib/setjmp.S
@@ -1,3 +1,7 @@
+/* An executable stack is not required for these functions */
+#if defined (__linux__) && defined (__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
#if defined(__i386__)
#include "./i386/setjmp.S"
#elif defined(__x86_64__)
View Git Blame Copy Permalink