Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libcgo.so contains writable and executable sections #1246

Closed
gopherbot opened this issue Nov 2, 2010 · 4 comments
Closed

libcgo.so contains writable and executable sections #1246

gopherbot opened this issue Nov 2, 2010 · 4 comments

Comments

@gopherbot
Copy link
Contributor

by w.d.hubbs:

This is another issue the gentoo linux package manager flags when I try to build go. for
our information on this, see
http://hardened.gentoo.org/gnu-stack.xml.

The affected files are:
src/libcgo/386.S, src/libcgo/amd64.S and src/libcgo/arm.S.

The fix, if you did not intend to have an executable stack, is to put the following
snippet somewhere in these .S files.

#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

I did not write a patch because I'm not familiar enough with assembly programming to
know if there is a particular spot in the source files where something like this should
go.

Can someone take a look at this?

Thanks much,

William
@rsc
Copy link
Contributor

rsc commented Nov 3, 2010

Comment 1:

Is Gentoo okay with the fact that Go mmap's all its allocated data read-write-execute?
If so, why is libcgo.so a problem?
If not, then hardened Gentoo won't be able to run Go anyway.

@rsc
Copy link
Contributor

rsc commented Nov 3, 2010

Comment 2:

Status changed to WaitingForReply.

@gopherbot
Copy link
Contributor Author

Comment 3 by w.d.hubbs:

This #if directive, which I have found needs to be added at the end of the .S files I
listed above, marks the stack region to be non-executable, so that if someone tries to
execute machine code in the stack region of memory it will cause an exception.  Without
it, for assembly code, gcc assumes that it is ok for the stack to be executable.
Does Go ever need to execute machine code that is directly stored in the stack region?
For more info on this, you might want to take a look at the article on wikipedia about
"Executable space protection".
What do you think?  Do you need more information?  Can you please consider adding this
if Go does not need the stack to be executable?
Thanks much,
William

@rsc
Copy link
Contributor

rsc commented Dec 16, 2010

Comment 4:

libcgo.so is no more

Status changed to Fixed.

@golang golang locked and limited conversation to collaborators Jun 24, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants