Ensure build without an executable stack (fixes #1285) (#1294)

* Ensure build without an executable stack (fixes #1285) Until it is clear why the shared library on mips64el and hppa is built with the executable bit set for the stack, build with both `-Wa,--noexecstack` (for the assembler) and `-Wl,-z,--noexecstack` (for the linker). * Check if compiler/linker support flags for noexecstack before using them * Add a warning if unable to check for support
2025-10-16 00:03:40 -04:00 · 2022-08-31 06:41:28 +02:00 · 2022-08-31 06:41:28 +02:00 · 9ee96d803e
commit 9ee96d803e
parent c5b8cfe478
1 changed files with 28 additions and 2 deletions
--- a/.CMake/compiler_opts.cmake
+++ b/.CMake/compiler_opts.cmake
@ -11,6 +11,22 @@
 # If OQS_OPT_TARGET=auto we target the current CPU.
 # If OQS_OPT_TARGET=generic we target a generic CPU.
 # Otherwise we target the specified CPU.
+
+include(CheckCCompilerFlag)
+check_c_compiler_flag("-Wa,--noexecstack" CC_SUPPORTS_WA_NOEXECSTACK)
+
+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.18")
+    include(CheckLinkerFlag)
+    check_linker_flag(C "-Wl,-z,noexecstack" LD_SUPPORTS_WL_Z_NOEXECSTACK)
+elseif(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14")
+    set(TMP_TESTDIR "${CMAKE_BINARY_DIR}/test_noexecstack")
+    file(WRITE "${TMP_TESTDIR}/test.c" "int main() { return 0; }\n")
+    try_compile(LD_SUPPORTS_WL_Z_NOEXECSTACK "${TMP_TESTDIR}" "${TMP_TESTDIR}/test.c" LINK_OPTIONS "-Wl,-z,noexecstack")
+else()
+    message(WARNING "Unable to check if '-Wl,-z,noexecstack' is supported.")
+    set(LD_SUPPORTS_WL_Z_NOEXECSTACK FALSE)
+endif()
+
 set(OQS_OPT_FLAG "")
 if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU")
    if(${OQS_DIST_BUILD})
@ -67,7 +83,12 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
    add_compile_options(-Wextra)
    add_compile_options(-Wpedantic)
    add_compile_options(-Wno-unused-command-line-argument)
-    set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+    if(CC_SUPPORTS_WA_NOEXECSTACK)
+        add_compile_options("-Wa,--noexecstack")
+    endif()
+    if(LD_SUPPORTS_WL_Z_NOEXECSTACK)
+        add_link_options("-Wl,-z,noexecstack")
+    endif()

    if(NOT ${OQS_BUILD_ONLY_LIB})
        set(THREADS_PREFER_PTHREAD_FLAG ON)
@ -119,7 +140,12 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
    add_compile_options(-Wfloat-equal)
    add_compile_options(-Wwrite-strings)
    if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
-        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+        if(CC_SUPPORTS_WA_NOEXECSTACK)
+            add_compile_options("-Wa,--noexecstack")
+        endif()
+        if(LD_SUPPORTS_WL_Z_NOEXECSTACK)
+            add_link_options("-Wl,-z,noexecstack")
+        endif()
    endif()

    if(NOT ${OQS_BUILD_ONLY_LIB})