This: echo 'int main (void) { return 0; }' > t.c gcc `rpm --eval "%build_cflags %build_ldflags"` -Wl,-z,execstack t.c readelf -lW a.out | grep GNU_STACK annocheck a.out produces: GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10 but no executable stack error from annocheck. I would have expected an error from annocheck here. Note that the PT_GNU_STACK program header is obviously not present in ET_REL files. There, a special note section is used, .note.GNU-stack. If the section is executable, the stack will be marked executable in the program header. If the section is absent, the behavior is target-dependent.
Hi Florian, A snafu in the annocheck code - it was assuming that PT_GNU_STACK segments could have the execute flag set, instead of clear. Doh. Fixed in: annobin-8.73-1.fc31 Cheers Nick
annobin-8.73-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-30cb514427
annobin-8.73-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-30cb514427
annobin-8.73-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.