Add ld option to set MH_NO_HEAP_EXECUTION flag
| Originator: | rsesek | ||
| Number: | rdar://25704436 | Date Originated: | 4/13/2016 |
| Status: | Open | Resolved: | |
| Product: | OS X SDK | Product Version: | Xcode 7.0.1/ ld64-253.3.3 |
| Classification: | Enhancement | Reproducible: | Not Applicable |
There is no way from ld to set the MH_NO_HEAP_EXECUTION mach_header flag, but it would be desirable to do so for some applications. While the architecture default for x86_64 is to not have an executable heap or stack, both of these settings can be changed via sysctl. As a defense-in-depth measure, it would be beneficial to be able to set the MH_NO_HEAP_EXECUTION flag when invoking the linker. Looking at the ld source code (http://opensource.apple.com/source/ld64/ld64-253.3/src/ld/Options.cpp), there already is an option fNonExecutableHeap that controls whether the MH_NO_HEAP_EXECUTION is set. However there is no corresponding command line flag that enables user control over this option. (It is only set if on i386 for dynamically linked executables.) There is an option -allow_heap_execute command line flag that can be used on i386 to inhibit this behavior. So, it would be logical to have a negated version of that command line flag to always set the MH_NO_HEAP_EXECUTION bit.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!