aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSamuel Neves <[email protected]>2020-08-23 22:25:15 +0100
committerSamuel Neves <[email protected]>2020-08-23 22:32:36 +0100
commitadbf07d67a1f08c40e1c7ff60845519f81e0254f (patch)
tree7bc2d8a834b75311522e0c2fdea2118f160243ba
parent8dc30a27374d2e06c9a734db1dead2320c736564 (diff)
Fix #109
The default executable stack setting on Linux can be fixed in two different ways: - By adding the `.section .note.GNU-stack,"",%progbits` special incantation - By passing the `--noexecstack` flag to the assembler This patch implements both, but only one of them is strictly necessary. I've also added some additional hardening flags to the Makefile. May not be portable.
Diffstat
-rw-r--r--c/Makefile.testing11
-rw-r--r--c/blake3_avx2_x86-64_unix.S4
-rw-r--r--c/blake3_avx512_x86-64_unix.S4
-rw-r--r--c/blake3_sse41_x86-64_unix.S4
4 files changed, 18 insertions, 5 deletions
diff --git a/c/Makefile.testing b/c/Makefile.testing
index 18245c7..bbdc077 100644
--- a/c/Makefile.testing
+++ b/c/Makefile.testing
@@ -3,10 +3,11 @@
NAME=blake3
CC=gcc
-CFLAGS=-O3 -Wall -Wextra -std=c11 -pedantic
+CFLAGS=-O3 -Wall -Wextra -std=c11 -pedantic -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -fvisibility=hidden
+LDFLAGS=-pie -Wl,-z,relro,-z,now
TARGETS=
ASM_TARGETS=
-EXTRAFLAGS=
+EXTRAFLAGS=-Wa,--noexecstack
ifdef BLAKE3_NO_SSE41
EXTRAFLAGS += -DBLAKE3_NO_SSE41
@@ -35,7 +36,7 @@ TARGETS += blake3_neon.o
endif
all: blake3.c blake3_dispatch.c blake3_portable.c main.c $(TARGETS)
- $(CC) $(CFLAGS) $(EXTRAFLAGS) $^ -o $(NAME)
+ $(CC) $(CFLAGS) $(EXTRAFLAGS) $^ -o $(NAME) $(LDFLAGS)
blake3_sse41.o: blake3_sse41.c
$(CC) $(CFLAGS) $(EXTRAFLAGS) -c $^ -o $@ -msse4.1
@@ -54,9 +55,9 @@ test: all
./test.py
asm: blake3.c blake3_dispatch.c blake3_portable.c main.c $(ASM_TARGETS)
- $(CC) $(CFLAGS) $(EXTRAFLAGS) $^ -o $(NAME)
+ $(CC) $(CFLAGS) $(EXTRAFLAGS) $^ -o $(NAME) $(LDFLAGS)
-test_asm: CFLAGS += -DBLAKE3_TESTING -fsanitize=address,undefined
+test_asm: CFLAGS += -DBLAKE3_TESTING -fsanitize=address,undefined
test_asm: asm
./test.py
diff --git a/c/blake3_avx2_x86-64_unix.S b/c/blake3_avx2_x86-64_unix.S
index 14dcf5b..812bb85 100644
--- a/c/blake3_avx2_x86-64_unix.S
+++ b/c/blake3_avx2_x86-64_unix.S
@@ -1,3 +1,7 @@
+#if defined(__ELF__) && defined(__linux__)
+.section .note.GNU-stack,"",%progbits
+#endif
+
#if defined(__ELF__) && defined(__CET__) && defined(__has_include)
#if __has_include(<cet.h>)
#include <cet.h>
diff --git a/c/blake3_avx512_x86-64_unix.S b/c/blake3_avx512_x86-64_unix.S
index fb28d23..a06aede 100644
--- a/c/blake3_avx512_x86-64_unix.S
+++ b/c/blake3_avx512_x86-64_unix.S
@@ -1,3 +1,7 @@
+#if defined(__ELF__) && defined(__linux__)
+.section .note.GNU-stack,"",%progbits
+#endif
+
#if defined(__ELF__) && defined(__CET__) && defined(__has_include)
#if __has_include(<cet.h>)
#include <cet.h>
diff --git a/c/blake3_sse41_x86-64_unix.S b/c/blake3_sse41_x86-64_unix.S
index 41a1eb2..a3ff642 100644
--- a/c/blake3_sse41_x86-64_unix.S
+++ b/c/blake3_sse41_x86-64_unix.S
@@ -1,3 +1,7 @@
+#if defined(__ELF__) && defined(__linux__)
+.section .note.GNU-stack,"",%progbits
+#endif
+
#if defined(__ELF__) && defined(__CET__) && defined(__has_include)
#if __has_include(<cet.h>)
#include <cet.h>
generated by cgit v1.2.3 (git 2.46.0) at 2026-01-26 22:20:53 +0000