From 215375f2a5e156d230e2a671ff22524c3894b49f Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Fri, 19 Mar 2021 05:47:23 +0000
Subject: [PATCH] Build: Enable --noexecstack

Build ELF executables with a zero length `GNU_STACK`
program header flagged non-executable.

The stack is never executable on SerenityOS regardless
of whether the `GNU_STACK` header is specified.

Specifically defining this header is more explicit,
as absence of this header implies an executable stack
on other systems (Linux).
---
 CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index f7209ae0a65..d8e2365d424 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -146,8 +146,8 @@ endforeach()
 
 set(CMAKE_INSTALL_NAME_TOOL "")
 set(CMAKE_SHARED_LIBRARY_SUFFIX ".so")
-set(CMAKE_SHARED_LIBRARY_CREATE_CXX_FLAGS "-shared -Wl,--hash-style=gnu,-z,relro,-z,now")
-set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now")
+set(CMAKE_SHARED_LIBRARY_CREATE_CXX_FLAGS "-shared -Wl,--hash-style=gnu,-z,relro,-z,now,-z,noexecstack")
+set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now,-z,noexecstack")
 
 # We disable it completely because it makes cmake very spammy.
 # This will need to be revisited when the Loader supports RPATH/RUN_PATH.