[gtk/noexecstack] Make our stack noexec

From: Matthias Clasen <matthiasc src gnome org>
To: commits-list gnome org
Cc:
Subject: [gtk/noexecstack] Make our stack noexec
Date: Tue, 4 Jan 2022 12:53:47 +0000 (UTC)


commit 46509b6dd28c58ae8dd7e2c02a82a3ccb2751e88
Author: Matthias Clasen <mclasen redhat com>
Date:   Tue Jan 4 07:51:56 2022 -0500

    Make our stack noexec
    
    The change to use ld and objcopy for resources
    had some side-effects: it leaked a few symbols
    and made our stack executable. We don't want that.
    
    Use -z nonexecstack and --strip-all to avoid this.
    
    Fixes: #4598

 gtk/meson.build | 2 ++
 1 file changed, 2 insertions(+)
---
diff --git a/gtk/meson.build b/gtk/meson.build
index 91aefe1b17..6ce2c18320 100644
--- a/gtk/meson.build
+++ b/gtk/meson.build
@@ -927,6 +927,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
       input : gtk_gresource,
       output : 'gtkresources_blob.o',
       command : [ld,
+                 '-z', 'noexecstack',
                  '-r',
                  '-b','binary',
                  '@INPUT@',
@@ -937,6 +938,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
     input : gtk_resources_binary,
     output : 'gtkresources_blob2.o',
     command : [objcopy,
+                 '--strip-all',
                  '--add-symbol','_gtk_resource_data=.data:0',
                  '@INPUT@',
                  '@OUTPUT@'])

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]