STACK
Directive
Note:
This directive is maintained for backward compatibility. A more extensive mechanism of requesting security extensions is provided using the link-editor's-z sx
option. See
Requesting Security Extensions.
The STACK
directive specifies attributes of the process
stack.
STACK { FLAGS = segment_flags....; FLAGS += segment_flags....; FLAGS -= segment_flags....; };
The FLAGS
attribute specifies a white space separated list of
segment permissions consisting of any of the values described in Segment Flags.
There are three forms allowed. The simple "=
"
assignment operator replaces the current flags with the new set, the
"+=
" form adds the new flags to the existing set,
and the "-=
" form removes the specified flags from
the existing set.
The default stack permissions are defined by the platform ABI,
and vary between platforms. The value for the target platform is specified using the
segment flag name STACK
.
On some platforms, the ABI mandated default permissions include
EXECUTE
. EXECUTE
is rarely if ever needed
and is generally considered to be a potential security risk. Removing
EXECUTE
permission from the stack is a recommended
practice.
STACK { FLAGS -= EXECUTE; };
The STACK
directive is reflected in
the output ELF object as a PT_SUNW_STACK
program header entry.