STACK Directive

The STACK directive specifies attributes of the process stack.

        STACK {
                FLAGS  = segment_flags...;
                FLAGS += segment_flags...;
                FLAGS -= segment_flags...;
};

The FLAGS attribute specifies a white space separated list of segment permissions consisting of any of the values described in Table 9–3.

There are three forms allowed. The simple “=” assignment operator replaces the current flags with the new set, the “+=” form adds the new flags to the existing set, and the “-=” form removes the specified flags from the existing set.

The default stack permissions are defined by the platform ABI, and vary between platforms. The value for the target platform is specified using the segment flag name STACK.

On some platforms, the ABI mandated default permissions include EXECUTE. EXECUTE is rarely if ever needed and is generally considered to be a potential security risk. Removing EXECUTE permission from the stack is a recommended practice.

        STACK {
                FLAGS -= EXECUTE;
        };

The STACK directive is reflected in the output ELF object as a PT_SUNWSTACK program header entry.