[nuitka-dev] Nuitka compiles with executable stack which is a security risk

  • From: hgn <hgn@xxxxxxxxxx>
  • To: nuitka-dev@xxxxxxxxxxxxx
  • Date: Wed, 01 May 2019 20:05:25 +0200

Hello nuitka-list,

I compile my software with

python3 -m nuitka --recurse-all --python-flag -O --warn-unusual-code --warn-implicit-exceptions --recurse-not-to=PyQt5 --show-progress --show-modules --file-reference-choice=runtime $(PROGRAM)

Nuitka3 is 0.6.3, GCC is 8.3.0, Python 3.7.3  (Arch Linux)

An attempt at packaging was made by a third party and I was warned that my binary has an "executable stack".

You can check it
readelf -lW fluajho.bin | grep GNU_STACK

if the 'E' appears as flag. Like this:
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10

Is this needed for Nuitka? Anything I can do on my end?

For reference:
https://www.win.tue.nl/~aeb/linux/hh/protection.html

Yours, hgn

Other related posts: