symcheck: Check for binaries requiring a writeable + executable stack#934
Merged
tgross35 merged 4 commits intorust-lang:mainfrom Feb 11, 2026
Merged
symcheck: Check for binaries requiring a writeable + executable stack#934tgross35 merged 4 commits intorust-lang:mainfrom
tgross35 merged 4 commits intorust-lang:mainfrom
Conversation
tgross35
force-pushed
the
check-wx-sections
branch
from
ada5714 to
9f44c32
Compare
Contributor
Author
|
Thumb makes sense to skip as a bare metal target. Note sure about ppc64 |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Contributor
Author
|
It seems like the PowerPC behavior is intentional; https://gcc.gnu.org/bugzilla/show_bug.cgi?id=21098 |
tgross35
force-pushed
the
check-wx-sections
branch
3 times, most recently
from
b6e06fd to
fea76d5
Compare
tgross35
force-pushed
the
check-wx-sections
branch
12 times, most recently
from
ca874ea to
fdb8c4e
Compare
tgross35
force-pushed
the
check-wx-sections
branch
from
fdb8c4e to
03b30f3
Compare
tgross35
force-pushed
the
check-wx-sections
branch
from
03b30f3 to
9fbb3cc
Compare
tgross35
force-pushed
the
check-wx-sections
branch
from
9fbb3cc to
efe2e7e
Compare
Collaborator
|
This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
tgross35
force-pushed
the
check-wx-sections
branch
5 times, most recently
from
8a4a1e9 to
f2baf7f
Compare
tgross35
force-pushed
the
check-wx-sections
branch
17 times, most recently
from
9268f62 to
e011e5d
Compare
tgross35
force-pushed
the
check-wx-sections
branch
from
3eb6181 to
929dd2e
Compare
PE executables don't seem to have anything in the symbol table. Don't assert that we find any symbols in this case, which allows using symcheck for executable binaries.
tgross35
force-pushed
the
check-wx-sections
branch
3 times, most recently
from
5947bdf to
20b54c0
Compare
Implement the following logic: * For elf executable binaries, check for PT_GNU_STACK with PF_X. This combination tells the kernel to make the stack executable. * For elf intermediate objects, check for `.note.GNU-stack` with SHF_EXECINSTR. This combination in an object file tells the linker to give the final binary PT_GNU_STACK PF_X. * For elf intermediate objects with no `.note.GNU-stack`, assume the legacy behavior that assumes an executable stack is required. * For non-elf binaries, don't check anything. In a follow up it may be possible to check for `MH_ALLOW_STACK_EXECUTION` on Mach-O binaries, but it doesn't seem possible to get the latest compiler to emit this. This appears to match what is done by `scanelf` to emit `!WX` [1], which seems to be the tool used to create the output in the issue. The ld manpage [2] also has some useful notes about these flags, as does the presentation at [3]. Closes: rust-lang#183 [1]: https://github.com/gentoo/pax-utils/blob/9ef54b472e42ba2c5479fbd86b8be2275724b064/scanelf.c [2]: https://man7.org/linux/man-pages/man1/ld.1.html [3]: https://www.ndss-symposium.org/wp-content/uploads/6D-s0924-ye.pdf
tgross35
force-pushed
the
check-wx-sections
branch
from
20b54c0 to
e78f15f
Compare
tgross35
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement the following logic:
combination tells the kernel to make the stack executable.
.note.GNU-stackwithSHF_EXECINSTR. This combination in an object file tells the linker to
give the final binary PT_GNU_STACK PF_X.
.note.GNU-stack, assume thelegacy behavior that assumes an executable stack is required.
possible to check for
MH_ALLOW_STACK_EXECUTIONon Mach-O binaries,but it doesn't seem possible to get the latest compiler to emit this.
This appears to match what is done by
scanelfto emit!WX1, whichseems to be the tool used to create the output in the issue. The ld
manpage 2 also has some useful notes about these flags, as does the
presentation at 3.
Closes: #183