July 27, 2011 Re: ELF object files: executable stack and security risk? | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Walter Bright | Am 27.07.2011, 06:12 Uhr, schrieb Walter Bright <newshound2@digitalmars.com>:
> On 7/26/2011 7:06 PM, bearophile wrote:
>> Walter:
>>
>>> Hmm. D is supposed to link with gcc code, so that could be an issue.
>>
>> How?
>
> I believe Marco explained that: "GNU C closures need an executable stack"
If these nested functions / closures were used in any of my installed packages I would have gotten the same warnings as for dmd. We are dealing with a rarely used GNU only (in other words non-portable) feature that makes C programs arguably more vulnerable. This extension I think, could actually be ignored. From what I've read its usually assembly files that are assembled without a .note.GNU-stack section hint that end up with an executable stack for the benefit of doubt.
Ignorant of all that, isn't this solely a linker issue and has nothing to do with dmd?
| |||
Permalink
ReplyJuly 27, 2011 Re: ELF object files: executable stack and security risk? | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Kagamin | On 7/26/2011 11:15 PM, Kagamin wrote:
> Do you consider code working with arrays and compiled in release mode safe?
In D2, you have to specifically use -noboundscheck to turn off array bounds checking.
| |||
Copyright © 1999-2021 by the D Language Foundation