actively disable stack execution on linux and bsd

src/librustc_back/target/dragonfly_base.rs

@@ -24,6 +24,9 @@ pub fn opts() -> TargetOptions {
             // libraries which follow this flag.  Thus, use it before
             // specifying libraries to link to.
             "-Wl,--as-needed".to_string(),
+
+            // Always enable NX protection when it is available
+            "-Wl,-z,noexecstack".to_string(),
         ),
         position_independent_executables: true,
         archive_format: "gnu".to_string(),

src/librustc_back/target/freebsd_base.rs

@@ -17,6 +17,19 @@ pub fn opts() -> TargetOptions {
         dynamic_linking: true,
         executables: true,
         has_rpath: true,
+        pre_link_args: vec![
+            // We want to be able to strip as much executable code as possible
+            // from the linker command line, and this flag indicates to the
+            // linker that it can avoid linking in dynamic libraries that don't
+            // actually satisfy any symbols up to that point (as with many other
+            // resolutions the linker does). This option only applies to all
+            // following libraries so we're sure to pass it as one of the first
+            // arguments.
+            "-Wl,--as-needed".to_string(),
+
+            // Always enable NX protection when it is available
+            "-Wl,-z,noexecstack".to_string(),
+        ],
         archive_format: "gnu".to_string(),
         exe_allocation_crate: super::maybe_jemalloc(),
 

src/librustc_back/target/linux_base.rs

@@ -26,6 +26,9 @@ pub fn opts() -> TargetOptions {
             // following libraries so we're sure to pass it as one of the first
             // arguments.
             "-Wl,--as-needed".to_string(),
+
+            // Always enable NX protection when it is available
+            "-Wl,-z,noexecstack".to_string(),
         ],
         position_independent_executables: true,
         archive_format: "gnu".to_string(),

src/librustc_back/target/netbsd_base.rs

@@ -24,6 +24,9 @@ pub fn opts() -> TargetOptions {
             // libraries which follow this flag.  Thus, use it before
             // specifying libraries to link to.
             "-Wl,--as-needed".to_string(),
+
+            // Always enable NX protection when it is available
+            "-Wl,-z,noexecstack".to_string(),
         ),
         position_independent_executables: true,
         archive_format: "gnu".to_string(),

src/librustc_back/target/openbsd_base.rs

@@ -24,6 +24,9 @@ pub fn opts() -> TargetOptions {
             // libraries which follow this flag.  Thus, use it before
             // specifying libraries to link to.
             "-Wl,--as-needed".to_string(),
+
+            // Always enable NX protection when it is available
+            "-Wl,-z,noexecstack".to_string(),
         ),
         position_independent_executables: true,
         archive_format: "gnu".to_string(),