Skip to content

Commit 5bf3a6f

Browse files
jjhelmusjjhelmus
authored
include noexecstack hardening flag on Linux (#1064)
Mark the stack memory as non-executable using the '-Wl,-z,noexecstack' flag on aarch64 and x86_64 linux platforms. Other linux targets are cross-compiled, this flag is left off for the time being. closes #1061
1 parent 024c5b8 commit 5bf3a6f

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

cpython-unix/targets.yml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,9 @@ aarch64-unknown-linux-gnu:
136136
- '-mno-omit-leaf-frame-pointer'
137137
# Needed to prevent BOLT from crashing.
138138
- '-fdebug-default-version=4'
139+
target_ldflags:
140+
# Hardening
141+
- '-Wl,-z,noexecstack'
139142
needs:
140143
- autoconf
141144
- bdb
@@ -575,6 +578,9 @@ x86_64-unknown-linux-gnu:
575578
- '-mno-omit-leaf-frame-pointer'
576579
# Needed to prevent BOLT from crashing.
577580
- '-fdebug-default-version=4'
581+
target_ldflags:
582+
# Hardening
583+
- '-Wl,-z,noexecstack'
578584
needs:
579585
- autoconf
580586
- bdb
@@ -625,6 +631,9 @@ x86_64_v2-unknown-linux-gnu:
625631
- '-mno-omit-leaf-frame-pointer'
626632
# Needed to prevent BOLT from crashing.
627633
- '-fdebug-default-version=4'
634+
target_ldflags:
635+
# Hardening
636+
- '-Wl,-z,noexecstack'
628637
needs:
629638
- autoconf
630639
- bdb
@@ -675,6 +684,9 @@ x86_64_v3-unknown-linux-gnu:
675684
- '-mno-omit-leaf-frame-pointer'
676685
# Needed to prevent BOLT from crashing.
677686
- '-fdebug-default-version=4'
687+
target_ldflags:
688+
# Hardening
689+
- '-Wl,-z,noexecstack'
678690
needs:
679691
- autoconf
680692
- bdb
@@ -725,6 +737,9 @@ x86_64_v4-unknown-linux-gnu:
725737
- '-mno-omit-leaf-frame-pointer'
726738
# Needed to prevent BOLT from crashing.
727739
- '-fdebug-default-version=4'
740+
target_ldflags:
741+
# Hardening
742+
- '-Wl,-z,noexecstack'
728743
needs:
729744
- autoconf
730745
- bdb
@@ -772,6 +787,9 @@ x86_64-unknown-linux-musl:
772787
# Enable frame pointers
773788
- '-fno-omit-frame-pointer'
774789
- '-mno-omit-leaf-frame-pointer'
790+
target_ldflags:
791+
# Hardening
792+
- '-Wl,-z,noexecstack'
775793
needs:
776794
- autoconf
777795
- bdb
@@ -820,6 +838,9 @@ x86_64_v2-unknown-linux-musl:
820838
# Enable frame pointers
821839
- '-fno-omit-frame-pointer'
822840
- '-mno-omit-leaf-frame-pointer'
841+
target_ldflags:
842+
# Hardening
843+
- '-Wl,-z,noexecstack'
823844
needs:
824845
- autoconf
825846
- bdb
@@ -868,6 +889,9 @@ x86_64_v3-unknown-linux-musl:
868889
# Enable frame pointers
869890
- '-fno-omit-frame-pointer'
870891
- '-mno-omit-leaf-frame-pointer'
892+
target_ldflags:
893+
# Hardening
894+
- '-Wl,-z,noexecstack'
871895
needs:
872896
- autoconf
873897
- bdb
@@ -916,6 +940,9 @@ x86_64_v4-unknown-linux-musl:
916940
# Enable frame pointers
917941
- '-fno-omit-frame-pointer'
918942
- '-mno-omit-leaf-frame-pointer'
943+
target_ldflags:
944+
# Hardening
945+
- '-Wl,-z,noexecstack'
919946
needs:
920947
- autoconf
921948
- bdb
@@ -967,6 +994,9 @@ aarch64-unknown-linux-musl:
967994
# Enable frame pointers
968995
- '-fno-omit-frame-pointer'
969996
- '-mno-omit-leaf-frame-pointer'
997+
target_ldflags:
998+
# Hardening
999+
- '-Wl,-z,noexecstack'
9701000
needs:
9711001
- autoconf
9721002
- bdb

0 commit comments

Comments
 (0)