Date: Thu, 17 Apr 2025 18:07:23 -0600
From: Warner Losh <imp@bsdimp.com>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Warner Losh <imp@freebsd.org>, src-committers <src-committers@freebsd.org>, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, "<dev-commits-src-main@freebsd.org>" <dev-commits-src-main@freebsd.org>
Subject: Re: git: 58c99df2196c - main - kboot: .note.GNU-stack is needed
Message-ID: <CANCZdfrnsU9_yzL0ueQtV332UoqDjb_rNFLoKcb0%2Bm7-6BR8hg@mail.gmail.com>
In-Reply-To: <3xjl6lsx2v6psvxfqeweu36wg5zdom5ew3xktvjj4a7tj7gjfe@hm2wxhn3ne4c>
References: <202504172159.53HLx828002496@gitrepo.freebsd.org> <3xjl6lsx2v6psvxfqeweu36wg5zdom5ew3xktvjj4a7tj7gjfe@hm2wxhn3ne4c>

On Thu, Apr 17, 2025, 4:26 PM Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Thu, Apr 17, 2025 at 09:59:08PM +0000, Warner Losh wrote:
> > The branch main has been updated by imp:
> >
> > URL: https://cgit.FreeBSD.org/src/commit/?id=58c99df2196c5564a6922dcfe4d03387cebdd10c
> >
> > commit 58c99df2196c5564a6922dcfe4d03387cebdd10c
> > Author:     Warner Losh <imp@FreeBSD.org>
> > AuthorDate: 2025-04-17 04:03:26 +0000
> > Commit:     Warner Losh <imp@FreeBSD.org>
> > CommitDate: 2025-04-17 21:56:45 +0000
> >
> >     kboot: .note.GNU-stack is needed
> >
> >     Add '.section .note.GNU-stack,"",%progbits' to all assembler. Newer
> >     versions of clang complain when this isn't present because executable
> >     stacks are going away in the future. We don't need an executable stack
> >     anyway.
>
> Just a little data point: HardenedBSD has lived without the ability to
> mark the stack as executable for nearly a decade now. I'm pretty sure
> it should be safe for FreeBSD to remove support for it as well, at
> least for amd64, arm64, and likely also riscv. The only outlier might
> be i386, but that no longer enjoys Tier 1 status on FreeBSD.
>

This code is for a Linux binary. And I just added these to avoid new warnings.

Warner

> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Signal Username: shawn_webb.74
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc