[Cin] executable stacks are bad...m-kay?

Andrew Randrianasulu randrianasulu at gmail.com
Wed Jan 11 13:37:58 CET 2023 

ср, 11 янв. 2023 г., 13:30 Andrew Randrianasulu <randrianasulu at gmail.com>:

>
>
> ср, 11 янв. 2023 г., 13:03 Rob Prowel via Cin <cin at lists.cinelerra-gg.org
> >:
>
>> Thought this went away in my Jan-2023 git pull, but apparently not.
>> Looked in my dmesg output and saw this again.
>>
>> process 'sharebin/cingg2301/bin/cin' started with executable stack
>>
>> Why?  A consequence of the plug-in system? a poorly designed 3rdparty
>> library? an oversight?
>>
>>
>> --
>>
>
> I think this is due to embedding icon 'object' (lots of png files
> concatenated) into main executable ...
>
> from cinelerra/Makefile
>
> $(THEME_DATA):
>         cd $(OBJDIR) && \
>         $(GUICAST)/$(OBJDIR)/bootstrap theme_data.o
> $(TOPDIR)/picon/cinfinity/*.png
>
> (also I thought we hoped to optipng them, if quality not suffer ...)
>



can you check if something like attached patch fixes it for you?

i hope it was only o file with missing GNU.stack

~/cinelerra/cinelerra-5.1 $ readelf -SW cinelerra/aarch64/*.o | grep note |
wc -l
  374
                  ~/cinelerra/cinelerra-5.1 $ ls cinelerra/aarch64/*.o | wc
-l
 375

readelf line from

https://www.redhat.com/en/blog/linkers-warnings-about-executable-stacks-and-segments

linker flag from

 https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

note, old linkers may dislike this and also it seems clang linker (lld)
default on termux does this by default ....

>
> stack segments are generally marked as no-exec to protect against using
>> them to execute rogue instructions by saving those instructions in
>> auto-vars on the stack that could be executed by fudging the return
>> address of a function.
>>
>> Just looking for an acknowledgement of this, and any relevant related
>> history at this point.
>>
>>
>> --
>> Cin mailing list
>> Cin at lists.cinelerra-gg.org
>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20230111/b2ac299b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-noexecstack-by-default-in-cinelerra-Makefile.patch
Type: application/x-patch
Size: 717 bytes
Desc: not available
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20230111/b2ac299b/attachment.bin>

More information about the Cin mailing list