Diffstat (limited to 'tags/e/executable-stack-in-shared-library.tag')
-rw-r--r-- tags/e/executable-stack-in-shared-library.tag | 20
1 files changed, 20 insertions, 0 deletions
diff --git a/tags/e/executable-stack-in-shared-library.tag b/tags/e/executable-stack-in-shared-library.tag
new file mode 100644
index 0000000..bc5544b
--- /dev/null
+++ b/tags/e/executable-stack-in-shared-library.tag
@@ -0,0 +1,20 @@
+Tag: executable-stack-in-shared-library
+Severity: warning
+Check: libraries/shared/stack
+Renamed-From:
+ shlib-with-executable-stack
+Explanation: The listed shared library declares the stack as executable.
+ .
+ Executable stack is usually an error as it is only needed if the code
+ contains GCC trampolines or similar constructs which uses code on the
+ stack. One possible source for false positives are object files built
+ from assembler files which don't define a proper .note.GNU-stack
+ section.
+ .
+ To see the permissions on the stack, run <code>readelf -l</code> on the
+ shared library and look for the program header of type GNU&lowbar;STACK. In the
+ flag column, there should not be an E flag set.
+ .
+ This tag is currently not emitted on MIPS architectures.
+See-Also: https://bugs.debian.org/1025436,
+ https://bugs.debian.org/1022787
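Review bot: The Explanation says how to confirm the executable GNU_STACK header with readelf -l but never says how to clear it, so the paragraph starting "One possible source for false positives" leaves the maintainer without a remedy. Suggest adding a sentence on the fix: assembler sources can declare an empty note section, for example `.section .note.GNU-stack,"",%progbits`, and a library that needs no trampolines can be linked with `-z noexecstack`. In the same paragraph, "similar constructs which uses code" should read "which use code". The line "This tag is currently not emitted on MIPS architectures." gives no reason, and neither See-Also bug is tied to it; a short clause stating why MIPS is exempt, with a pointer to the relevant bug, would let a reader judge when the exemption can be dropped.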