executable stack flag

Edward Z. Yang ezyang at MIT.EDU
Tue Jul 9 08:07:18 CEST 2013


I took a look at the logs and none mentioned 'Hey, so it turns out
we need executable stack for this', and as recently as Sep 17, 2011
there are patches for turning off executable stack (courtesy Gentoo).  So probably it
is just a regression, someone added some code which didn't turn off
executable stacks...

Edward

Excerpts from Jens Petersen's message of Mon Jul 08 21:36:42 -0700 2013:
> Hi,
> 
> We noticed [1] in Fedora that ghc (7.4 and 7.6) are linking executables
> (again [2]) with the executable stack flag set. I haven't starting looking
> at the ghc code yet but wanted to ask first if it is intentional/necessary?
>  (ghc-7.0 doesn't seem to do this.) Having the flag set is considered a bit
> of a security risk so it would be better if all generated executable did
> not have it set.
> 
> I did some very basic testing of various executables, clearing their
> flags [3] and they all seemed to run ok without the executable stack flag
> set but I can't claim to have tested very exhaustively. (I thought perhaps
> it might be related to TemplateHaskell for example but even those
> executables seem to work, though I am sure I have not exercised all the
> code paths.)
> 
> Does someone know the current status of this?
> Will anything break if the flag is not set?
> Is it easy to patch ghc to not set the flag?
> Does it only affect the NCG backend?
> 
> Thanks, Jens
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=973512
> [2] http://ghc.haskell.org/trac/ghc/ticket/703
> [3] using "execstack -c"



More information about the Glasgow-haskell-users mailing list