Re: git: 58c99df2196c - main - kboot: .note.GNU-stack is needed

Reply: Warner Losh : "Re: git: 58c99df2196c - main - kboot: .note.GNU-stack is needed"
In reply to: Warner Losh : "git: 58c99df2196c - main - kboot: .note.GNU-stack is needed"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Thu, 17 Apr 2025 22:26:39 UTC

On Thu, Apr 17, 2025 at 09:59:08PM +0000, Warner Losh wrote:
> The branch main has been updated by imp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=58c99df2196c5564a6922dcfe4d03387cebdd10c
> 
> commit 58c99df2196c5564a6922dcfe4d03387cebdd10c
> Author:     Warner Losh <imp@FreeBSD.org>
> AuthorDate: 2025-04-17 04:03:26 +0000
> Commit:     Warner Losh <imp@FreeBSD.org>
> CommitDate: 2025-04-17 21:56:45 +0000
> 
>     kboot: .note.GNU-stack is needed
>     
>     Add '.section .note.GNU-stack,"",%progbits' to all assembler. Newer
>     versions of clang complain when this isn't present because executable
>     stacks are going away in the future. We don't need an executable stack
>     anyway.

Just a little data point: HardenedBSD has lived without the ability to
mark the stack as executable for nearly a decade now. I'm pretty sure
it should be safe for FreeBSD to remove support for it as well, at
least for amd64, arm64, and likely also riscv. The only outlier might
be i386, but that no longer enjoys Tier 1 status on FreeBSD.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc