1. Oracle Solaris 11.4 Linkers and Libraries Guide
  2. Linker and Libraries Advanced Topics
  3. Mapfiles in the Link-Editor
  4. Mapfile Directives
  5. STACK Directive

STACK Directive

Note:

This directive is maintained for backward compatibility. A more extensive mechanism of requesting security extensions is provided using the link-editor's -z sx option. See Requesting Security Extensions.

The STACK directive specifies attributes of the process stack. 

        STACK {
                FLAGS  = segment_flags....;
                FLAGS += segment_flags....;
                FLAGS -= segment_flags....;
        };

The FLAGS attribute specifies a white space separated list of segment permissions consisting of any of the values described in Segment Flags.

There are three forms allowed. The simple "=" assignment operator replaces the current flags with the new set, the "+=" form adds the new flags to the existing set, and the "-=" form removes the specified flags from the existing set.

The default stack permissions are defined by the platform ABI, and vary between platforms. The value for the target platform is specified using the segment flag name STACK.

On some platforms, the ABI mandated default permissions include EXECUTE. EXECUTE is rarely if ever needed and is generally considered to be a potential security risk. Removing EXECUTE permission from the stack is a recommended practice. 

        STACK {
                FLAGS -= EXECUTE;
        };

The STACK directive is reflected in the output ELF object as a PT_SUNW_STACK program header entry.