all binaries built by ghc have executable stacks

[duncan]

Non-executable stacks

The GNU toolchain supports marking object files that do not need to use an executable stack. Currently all object files produced by GHC lack these notes and so the linker defaults to using an executable stack for the resulting binary.

This makes some people grumpy. In particular it makes the Gentoo QA people grumpy. :-)

The long story:  http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

The quick story: Every .S file produced by ghc should include:

.section .note.GNU-stack,"",@progbits

Currently this does not happen for either -fasm or -fvia-C.

For -fasm

ghc simply does not emit the .section .note.GNU-stack stuff into the assembly output.

For -fvia-C

ghc emits C which is then compiled by gcc. The resulting .raw_s file does contain the .section .note.GNU-stack. However ghc then runs the generated assembly through the "evil mangler" which doesn't grok the .section .note.GNU-stack and does not emit it to the final assembly file.

So the solution is to get ghc to emit the .note.GNU-stack in it's native code geneerator and to modify the evil mangler to pass the .note.GNU-stack through to the output.

We may still have a problem with the "split objs" feature (which ghc uses for its own libraries). Hopefully it'd just be a matter of adding .note.GNU-stack to each .s file that is spat out by ghc -split-objs.

---

For reference see  http://bugs.gentoo.org/show_bug.cgi?id=123698

[duncan]

I think we'll not be able to supply a patch for this one before 6.6. Lets punt to 6.6.1.

[igloo]

This is fixed by:

Mon Jan  8 12:26:42 GMT 2007  Ian Lynagh <igloo@earth.li>
  * Have the mangler keep .note.GNU-stack

Mon Jan  8 12:59:16 GMT 2007  Ian Lynagh <igloo@earth.li>
  * Have the splitter duplicate the .note.GNU-stack

in the head.

[igloo]

Merged to the 6.6 branch.