summaryrefslogtreecommitdiff
path: root/gnu/usr.bin/binutils/ld/emulparams
diff options
context:
space:
mode:
authorDale Rahn <drahn@cvs.openbsd.org>2003-01-17 20:50:14 +0000
committerDale Rahn <drahn@cvs.openbsd.org>2003-01-17 20:50:14 +0000
commitc74953a6610ab567e0d578b0efe913e513e987ae (patch)
treefe6189df78259efcd870a8677b3d4f20437ab56f /gnu/usr.bin/binutils/ld/emulparams
parent2dd69e36ac9facfcacc4c30c34e093939131f7db (diff)
This is a project to modify executables so that they do not have any
executable regions which are writable. If a section of an executable is writable and executable, it is much easier for errant code to modify the executable's behavior. Two current areas in shared library environments which have this critical problem are the GOT (Global Offset Table) and PLT (Procedure Linkage Table). The PLT is required to be executable and both GOT and PLT are writable on most architectures. On most ELF architecture machines this would cause shared libraries to have data and BSS marked as executable. Padding to the linker script for programs and shared libraries/objects to isolate the GOT and PLT into their own load sections in the executables. This allows only the text(readonly) region and the PLT region to be marked executable with the normal data and BSS not marked as executable. The PLT region is still marked executable on most architectures because the PLT lives in the "data" or "BSS" regions and the dynamic loader will need to modify it. Since the GOT and PLT should only ever be written by the dynamic linker, it will be modified to mprotect those regions so that they are not writable during normal execution. If the dynamic linker needs to modify the regions later, (eg for lazy binding), it will mprotect the region, make the necessary changes, and mprotect it back. Since it is possible to receive a signal which would interrupt the program flow and perhaps cause the dynamic linker to modify the same (or nearby) PLT references, it is now necessary for signals to be blocked for the duration of the mprotect.
Diffstat (limited to 'gnu/usr.bin/binutils/ld/emulparams')
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh2
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh2
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh2
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh2
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh1
5 files changed, 9 insertions, 0 deletions
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh
index da5c4a7a079..68c9e4fb39f 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh
@@ -8,4 +8,6 @@ ARCH=sparc
MACHINE=
TEMPLATE_NAME=elf32
DATA_PLT=
+PAD_PLT=
+PAD_GOT=
GENERATE_SHLIB_SCRIPT=yes
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh
index 22208105a70..7c8b5c95caa 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh
@@ -9,6 +9,8 @@ MAXPAGESIZE=0x10000
ARCH=powerpc
MACHINE=
BSS_PLT=
+PAD_GOT=
+PAD_PLT=
EXECUTABLE_SYMBOLS='PROVIDE (__stack = 0); PROVIDE (___stack = 0);'
OTHER_BSS_END_SYMBOLS='__end = .;'
OTHER_READWRITE_SECTIONS='
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh
index b0a58eadcb7..00790d59201 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh
@@ -6,6 +6,8 @@ MAXPAGESIZE=0x100000
ARCH="sparc:v9"
MACHINE=
DATA_PLT=
+PAD_GOT=
+PAD_PLT=
GENERATE_SHLIB_SCRIPT=yes
NOP=0x01000000
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh b/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh
index 5c69816b2b7..fa9fad04695 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh
@@ -10,6 +10,8 @@ ARCH=alpha
MACHINE=
GENERATE_SHLIB_SCRIPT=yes
DATA_PLT=
+PAD_GOT=
+PAD_PLT=
NOP=0x47ff041f
OTHER_READONLY_SECTIONS='.reginfo : { *(.reginfo) }'
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh b/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh
index dff567bffbc..0defc2d866f 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh
@@ -6,5 +6,6 @@ NONPAGED_TEXT_START_ADDR=0x08048000
ARCH=i386
MACHINE=
NOP=0x9090
+PAD_GOT=
TEMPLATE_NAME=elf32
GENERATE_SHLIB_SCRIPT=yes