From 5d4ce82d544ac1cd104135b2541ccc2f9ad836a2 Mon Sep 17 00:00:00 2001
From: Rafael Kitover <rkitover@gmail.com>
Date: Sat, 25 Mar 2017 03:58:30 -0700
Subject: [PATCH] make bins built with asm disable exec stack #98

Add the `section .note.GNU-stack` markers to .asm files built with nasm
to make sure the final executables do not have an executable stack.

This is described here:

https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
---
 src/filters/2xSaImmx.asm      | 10 +++++++++-
 src/filters/hq/asm/macros.mac | 10 ++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/filters/2xSaImmx.asm b/src/filters/2xSaImmx.asm
index 2c4e2443..3370bcf9 100644
--- a/src/filters/2xSaImmx.asm
+++ b/src/filters/2xSaImmx.asm
@@ -24,7 +24,15 @@
 
 ;%define FAR_POINTER
 
-
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf32
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf64
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
 
 BITS 32
 GLOBAL __2xSaILine
diff --git a/src/filters/hq/asm/macros.mac b/src/filters/hq/asm/macros.mac
index 3845b28b..5b3bd98e 100644
--- a/src/filters/hq/asm/macros.mac
+++ b/src/filters/hq/asm/macros.mac
@@ -1,3 +1,13 @@
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf32
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf64
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+
 %ifdef __AMD64__
 bits 64
 %else