[CRIU] Re: [PATCH] make: Disable stack executable bit
Pavel Emelyanov
xemul at parallels.com
Sun Jul 22 23:03:52 EDT 2012
On 07/20/2012 04:04 PM, Cyrill Gorcunov wrote:
> Otherwise crtools built with stack executable, in result
> kernel sets up
>
> current->personality |= READ_IMPLIES_EXEC;
>
> when our crtools get loaded into memory and mmap
> calls in restorer create VMAs with EXEC bit set.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
Applied
> ---
> Makefile.pie | 2 +-
> Makefile.syscall | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/Makefile.pie b/Makefile.pie
> index d349425..6f6a3d4 100644
> --- a/Makefile.pie
> +++ b/Makefile.pie
> @@ -24,7 +24,7 @@ DEPS += $(patsubst %.o,%.d,$(POBJS))
> DEPS += $(patsubst %.o,%.d,$(ROBJS))
>
> PIELDS := pie.lds.S
> -PIEFLAGS := -fpie
> +PIEFLAGS := -fpie -Wa,--noexecstack
> ASMFLAGS := -D__ASSEMBLY__
>
> $(PASM-OBJS): $(PASM-SRC) $(SYS-OBJ)
> diff --git a/Makefile.syscall b/Makefile.syscall
> index d307ebd..29e61a7 100644
> --- a/Makefile.syscall
> +++ b/Makefile.syscall
> @@ -10,7 +10,7 @@ SYS-GEN := syscalls-x86-64.sh
>
> SYS-OBJ := $(patsubst %.S,%.o,$(SYS-ASM))
>
> -SYS-FLAGS := -fpie -Wstrict-prototypes -D__ASSEMBLY__ -nostdlib -fomit-frame-pointer
> +SYS-FLAGS := -fpie -Wstrict-prototypes -Wa,--noexecstack -D__ASSEMBLY__ -nostdlib -fomit-frame-pointer
>
> $(SYS-ASM): $(SYS-GEN) $(SYS-DEF) $(SYS-ASM-COMMON) $(SYS-TYPES)
> $(E) " GEN " $@
More information about the CRIU
mailing list