From: Oskari Rauta <redacted>
Date: Sun, 12 Mar 2023 16:30:35 +0000 (+0200)
Subject: zerotier: do not allow executable stack
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=56f30520f2413f9f1434def5b533a265912aea1c;p=openwrt-packages.git

zerotier: do not allow executable stack

zerotier as default has executable stack.
[   11.343143] process '/usr/bin/zerotier-one' started with executable stack

executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.

Stack is executable on x86_64, but not on all archs, such as ramips.

Signed-off-by: Oskari Rauta <redacted>
---

diff --git a/net/zerotier/Makefile b/net/zerotier/Makefile
index 47e3f7a63..01ad05248 100644
--- a/net/zerotier/Makefile
+++ b/net/zerotier/Makefile
@@ -58,8 +58,8 @@ endif
 endef
 
 # Make binary smaller
-TARGET_CFLAGS += -ffunction-sections -fdata-sections
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+TARGET_CFLAGS += -ffunction-sections -fdata-sections -Wl,-z,noexecstack
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed -Wl,-z,noexecstack
 
 define Package/zerotier/conffiles
 /etc/config/zerotier