Use --noexecstack for assembly code

[nalimilan]

This enables hardware stack protection, which is required by distributions.
See https://wiki.gentoo.org/wiki/Project:Hardened/GNU_stack_quickstart

I found this problem when checking my RPM package of Julia.
The other solution suggested by the above page is to add code to every
.S file:
.section .note.GNU-stack,"",%progbits

They consider it a better approach for upstreaming, but AFAICT there
is not difference with always passing the flags, and this avoids
much duplicated blocks in many files.

This seems to be supported on all architectures now (see link), but
I have no idea what happens with compilers other than gcc.

[ViralBShah]

Cc: @vtjnash @loladiro

[vtjnash]

I have no knowledge / opinion of this.

Reading the link, they seem pretty strongly in favor of patching the source
over passing compiler flags. I would be fine with adding this to all files,
as suggested by the link:

#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif

On Thu, Dec 12, 2013 at 11:56 PM, Viral B. Shah notifications@github.comwrote:

Cc: @vtjnash https://github.com/vtjnash @loladirohttps://github.com/loladiro

—
Reply to this email directly or view it on GitHubhttps://github.com//pull/34#issuecomment-30487174
.

[ViralBShah]

It seems better to just adding that section to all the files, in that case.

[nalimilan]

Here you go. This solution is a little noisy, but indeed it ensures somebody copying the files will not forget to enable stack protection.

[vtjnash]

lgtm