diff options
| author |   drahn <drahn@openbsd.org> | 2003-01-30 21:06:47 +0000 |
|---|---|---|
| committer | drahn <drahn@openbsd.org> | 2003-01-30 21:06:47 +0000 |
| commit | c3b79b47f2ac7c859d416f728d9f9f098d6abb6c (patch) | |
| tree | 798d5c374d7c61bd9e0f909e784d9c2030b969e0 | |
| parent | this allows to build a ramdiskNN.lif (diff) | |
| download | wireguard-openbsd-c3b79b47f2ac7c859d416f728d9f9f098d6abb6c.tar.xz wireguard-openbsd-c3b79b47f2ac7c859d416f728d9f9f098d6abb6c.zip | |
ELF security enhancement: put .rodata into it's own load section instead
of putting it with the text. This removes the execute permission
from readonly data. This constrains the executable region to portions
of the executable which need to be executable. Note: not all processors
or mmus are capable of -X protection at the page level, but should
handle ELF images which specify specific RWX protections on each section.
| -rw-r--r-- | gnu/usr.bin/binutils/bfd/elf.c | 2 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh | 1 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh | 1 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh | 1 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh | 1 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh | 1 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils/ld/scripttempl/elf.sc | 2 |
7 files changed, 8 insertions, 1 deletions
diff --git a/gnu/usr.bin/binutils/bfd/elf.c b/gnu/usr.bin/binutils/bfd/elf.c index b39fbe4d505..a9daa8b88c0 100644 --- a/gnu/usr.bin/binutils/bfd/elf.c +++ b/gnu/usr.bin/binutils/bfd/elf.c @@ -3103,7 +3103,7 @@ get_program_header_size (abfd) longer true. Now there can be several PT_LOAD sections. 6 seems to be enough with BSS_PLT, where we have text, data, GOT, dynamic, PLT, bss */ - segs = 6; + segs = 7; s = bfd_get_section_by_name (abfd, ".interp"); if (s != NULL && (s->flags & SEC_LOAD) != 0) diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh index 68c9e4fb39f..fc23bb59c5e 100644 --- a/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh +++ b/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh @@ -8,6 +8,7 @@ ARCH=sparc MACHINE= TEMPLATE_NAME=elf32 DATA_PLT= +PAD_RO= PAD_PLT= PAD_GOT= GENERATE_SHLIB_SCRIPT=yes diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh index 7c8b5c95caa..0fbbf68c7ec 100644 --- a/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh +++ b/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh @@ -9,6 +9,7 @@ MAXPAGESIZE=0x10000 ARCH=powerpc MACHINE= BSS_PLT= +PAD_RO= PAD_GOT= PAD_PLT= EXECUTABLE_SYMBOLS='PROVIDE (__stack = 0); PROVIDE (___stack = 0);' diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh index 00790d59201..091824d5cf5 100644 --- a/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh +++ b/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh @@ -6,6 +6,7 @@ MAXPAGESIZE=0x100000 ARCH="sparc:v9" MACHINE= DATA_PLT= +PAD_RO= PAD_GOT= PAD_PLT= GENERATE_SHLIB_SCRIPT=yes diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh b/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh index fa9fad04695..0abe219f84a 100644 --- a/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh +++ b/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh @@ -10,6 +10,7 @@ ARCH=alpha MACHINE= GENERATE_SHLIB_SCRIPT=yes DATA_PLT= +PAD_RO= PAD_GOT= PAD_PLT= NOP=0x47ff041f diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh b/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh index 0defc2d866f..aca49bcbaf6 100644 --- a/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh +++ b/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh @@ -6,6 +6,7 @@ NONPAGED_TEXT_START_ADDR=0x08048000 ARCH=i386 MACHINE= NOP=0x9090 +PAD_RO= PAD_GOT= TEMPLATE_NAME=elf32 GENERATE_SHLIB_SCRIPT=yes diff --git a/gnu/usr.bin/binutils/ld/scripttempl/elf.sc b/gnu/usr.bin/binutils/ld/scripttempl/elf.sc index e155639eff9..8d47b4ad17b 100644 --- a/gnu/usr.bin/binutils/ld/scripttempl/elf.sc +++ b/gnu/usr.bin/binutils/ld/scripttempl/elf.sc @@ -70,6 +70,7 @@ DYNAMIC=".dynamic ${RELOCATING-0} : { *(.dynamic) }" RODATA=".rodata ${RELOCATING-0} : { *(.rodata) ${RELOCATING+*(.rodata.*)} ${RELOCATING+*(.gnu.linkonce.r.*)} }" SBSS2=".sbss2 ${RELOCATING-0} : { *(.sbss2) ${RELOCATING+*(.sbss2.*)} ${RELOCATING+*(.gnu.linkonce.sb2.*)} }" SDATA2=".sdata2 ${RELOCATING-0} : { *(.sdata2) ${RELOCATING+*(.sdata2.*)} ${RELOCATING+*(.gnu.linkonce.s2.*)} }" +test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_RO0="${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));}" test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_PLT0="${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));} .pltpad0 ${RELOCATING-0} : { ${RELOCATING+__plt_start = .;} }" test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_PLT1=".pltpad1 ${RELOCATING-0} : { ${RELOCATING+__plt_end = .;}} ${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));}" test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_GOT0="${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));} .gotpad0 ${RELOCATING-0} : { ${RELOCATING+__got_start = .;} }" @@ -289,6 +290,7 @@ SECTIONS ${RELOCATING+PROVIDE (__etext = .);} ${RELOCATING+PROVIDE (_etext = .);} ${RELOCATING+PROVIDE (etext = .);} + ${PAD_RO+${PAD_RO0}} ${WRITABLE_RODATA-${RODATA}} .rodata1 ${RELOCATING-0} : { *(.rodata1) } ${CREATE_SHLIB-${SDATA2}} |