Skip to content

Commit c852555

Browse files
jjhelmusDidah
jjhelmus
authored and
Didah
committed
include noexecstack hardening flag on Linux (astral-sh#1064)
Mark the stack memory as non-executable using the '-Wl,-z,noexecstack' flag on aarch64 and x86_64 linux platforms. Other linux targets are cross-compiled, this flag is left off for the time being. closes astral-sh#1061
1 parent 9362553 commit c852555

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

cpython-unix/targets.yml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,9 @@ aarch64-unknown-linux-gnu:
136136
- '-mno-omit-leaf-frame-pointer'
137137
# Needed to prevent BOLT from crashing.
138138
- '-fdebug-default-version=4'
139+
target_ldflags:
140+
# Hardening
141+
- '-Wl,-z,noexecstack'
139142
needs:
140143
- autoconf
141144
- bdb
@@ -585,6 +588,9 @@ x86_64-unknown-linux-gnu:
585588
- '-mno-omit-leaf-frame-pointer'
586589
# Needed to prevent BOLT from crashing.
587590
- '-fdebug-default-version=4'
591+
target_ldflags:
592+
# Hardening
593+
- '-Wl,-z,noexecstack'
588594
needs:
589595
- autoconf
590596
- bdb
@@ -636,6 +642,9 @@ x86_64_v2-unknown-linux-gnu:
636642
- '-mno-omit-leaf-frame-pointer'
637643
# Needed to prevent BOLT from crashing.
638644
- '-fdebug-default-version=4'
645+
target_ldflags:
646+
# Hardening
647+
- '-Wl,-z,noexecstack'
639648
needs:
640649
- autoconf
641650
- bdb
@@ -687,6 +696,9 @@ x86_64_v3-unknown-linux-gnu:
687696
- '-mno-omit-leaf-frame-pointer'
688697
# Needed to prevent BOLT from crashing.
689698
- '-fdebug-default-version=4'
699+
target_ldflags:
700+
# Hardening
701+
- '-Wl,-z,noexecstack'
690702
needs:
691703
- autoconf
692704
- bdb
@@ -738,6 +750,9 @@ x86_64_v4-unknown-linux-gnu:
738750
- '-mno-omit-leaf-frame-pointer'
739751
# Needed to prevent BOLT from crashing.
740752
- '-fdebug-default-version=4'
753+
target_ldflags:
754+
# Hardening
755+
- '-Wl,-z,noexecstack'
741756
needs:
742757
- autoconf
743758
- bdb
@@ -786,6 +801,9 @@ x86_64-unknown-linux-musl:
786801
# Enable frame pointers
787802
- '-fno-omit-frame-pointer'
788803
- '-mno-omit-leaf-frame-pointer'
804+
target_ldflags:
805+
# Hardening
806+
- '-Wl,-z,noexecstack'
789807
needs:
790808
- autoconf
791809
- bdb
@@ -835,6 +853,9 @@ x86_64_v2-unknown-linux-musl:
835853
# Enable frame pointers
836854
- '-fno-omit-frame-pointer'
837855
- '-mno-omit-leaf-frame-pointer'
856+
target_ldflags:
857+
# Hardening
858+
- '-Wl,-z,noexecstack'
838859
needs:
839860
- autoconf
840861
- bdb
@@ -884,6 +905,9 @@ x86_64_v3-unknown-linux-musl:
884905
# Enable frame pointers
885906
- '-fno-omit-frame-pointer'
886907
- '-mno-omit-leaf-frame-pointer'
908+
target_ldflags:
909+
# Hardening
910+
- '-Wl,-z,noexecstack'
887911
needs:
888912
- autoconf
889913
- bdb
@@ -933,6 +957,9 @@ x86_64_v4-unknown-linux-musl:
933957
# Enable frame pointers
934958
- '-fno-omit-frame-pointer'
935959
- '-mno-omit-leaf-frame-pointer'
960+
target_ldflags:
961+
# Hardening
962+
- '-Wl,-z,noexecstack'
936963
needs:
937964
- autoconf
938965
- bdb
@@ -985,6 +1012,9 @@ aarch64-unknown-linux-musl:
9851012
# Enable frame pointers
9861013
- '-fno-omit-frame-pointer'
9871014
- '-mno-omit-leaf-frame-pointer'
1015+
target_ldflags:
1016+
# Hardening
1017+
- '-Wl,-z,noexecstack'
9881018
needs:
9891019
- autoconf
9901020
- bdb

0 commit comments

Comments
 (0)