[sheepdog] [PATCH stable-0.8 16/22] lib: Remove executable stack comming from sha1_ssse3.S

Hitoshi Mitake mitake.hitoshi at lab.ntt.co.jp
Mon Feb 24 08:07:04 CET 2014


From: Marcin Mirosław <marcin at mejor.pl>

Executable stack can be security hole, EX stack prevents working of NX.
More information can be found here:
https://wiki.gentoo.org/wiki/Project:Hardened/GNU_stack_quickstart
https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities#Introduction

i686 architecture wasn't affected.

Signed-off-by: Marcin Mirosław <marcin at mejor.pl>
Signed-off-by: Liu Yuan <namei.unix at gmail.com>
---
 lib/sha1_ssse3.S |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/sha1_ssse3.S b/lib/sha1_ssse3.S
index 22ce597..a9ce142 100644
--- a/lib/sha1_ssse3.S
+++ b/lib/sha1_ssse3.S
@@ -562,3 +562,7 @@ W_PRECALC_AVX
  *                                     unsigned int rounds);
  */
 SHA1_VECTOR_ASM     sha1_transform_avx
+
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
-- 
1.7.10.4




More information about the sheepdog mailing list