summaryrefslogtreecommitdiff
path: root/gnu/usr.bin/binutils
diff options
context:
space:
mode:
authorDale Rahn <drahn@cvs.openbsd.org>2003-01-30 21:06:48 +0000
committerDale Rahn <drahn@cvs.openbsd.org>2003-01-30 21:06:48 +0000
commit9b47077e91abff859fb1253814138b68d1e5b817 (patch)
tree5c5918cc8db29644d0da4b2c91063d79df790e3b /gnu/usr.bin/binutils
parent40fa295c7d4b8f2c25a804fbe379c2b34aa6e180 (diff)
ELF security enhancement: put .rodata into it's own load section instead
of putting it with the text. This removes the execute permission from readonly data. This constrains the executable region to portions of the executable which need to be executable. Note: not all processors or mmus are capable of -X protection at the page level, but should handle ELF images which specify specific RWX protections on each section.
Diffstat (limited to 'gnu/usr.bin/binutils')
-rw-r--r--gnu/usr.bin/binutils/bfd/elf.c2
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh1
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh1
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh1
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh1
-rw-r--r--gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh1
-rw-r--r--gnu/usr.bin/binutils/ld/scripttempl/elf.sc2
7 files changed, 8 insertions, 1 deletions
diff --git a/gnu/usr.bin/binutils/bfd/elf.c b/gnu/usr.bin/binutils/bfd/elf.c
index b39fbe4d505..a9daa8b88c0 100644
--- a/gnu/usr.bin/binutils/bfd/elf.c
+++ b/gnu/usr.bin/binutils/bfd/elf.c
@@ -3103,7 +3103,7 @@ get_program_header_size (abfd)
longer true. Now there can be several PT_LOAD sections. 6 seems
to be enough with BSS_PLT, where we have text, data, GOT, dynamic,
PLT, bss */
- segs = 6;
+ segs = 7;
s = bfd_get_section_by_name (abfd, ".interp");
if (s != NULL && (s->flags & SEC_LOAD) != 0)
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh
index 68c9e4fb39f..fc23bb59c5e 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf32_sparc.sh
@@ -8,6 +8,7 @@ ARCH=sparc
MACHINE=
TEMPLATE_NAME=elf32
DATA_PLT=
+PAD_RO=
PAD_PLT=
PAD_GOT=
GENERATE_SHLIB_SCRIPT=yes
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh
index 7c8b5c95caa..0fbbf68c7ec 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf32ppc.sh
@@ -9,6 +9,7 @@ MAXPAGESIZE=0x10000
ARCH=powerpc
MACHINE=
BSS_PLT=
+PAD_RO=
PAD_GOT=
PAD_PLT=
EXECUTABLE_SYMBOLS='PROVIDE (__stack = 0); PROVIDE (___stack = 0);'
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh b/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh
index 00790d59201..091824d5cf5 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf64_sparc.sh
@@ -6,6 +6,7 @@ MAXPAGESIZE=0x100000
ARCH="sparc:v9"
MACHINE=
DATA_PLT=
+PAD_RO=
PAD_GOT=
PAD_PLT=
GENERATE_SHLIB_SCRIPT=yes
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh b/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh
index fa9fad04695..0abe219f84a 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf64alpha.sh
@@ -10,6 +10,7 @@ ARCH=alpha
MACHINE=
GENERATE_SHLIB_SCRIPT=yes
DATA_PLT=
+PAD_RO=
PAD_GOT=
PAD_PLT=
NOP=0x47ff041f
diff --git a/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh b/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh
index 0defc2d866f..aca49bcbaf6 100644
--- a/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh
+++ b/gnu/usr.bin/binutils/ld/emulparams/elf_i386.sh
@@ -6,6 +6,7 @@ NONPAGED_TEXT_START_ADDR=0x08048000
ARCH=i386
MACHINE=
NOP=0x9090
+PAD_RO=
PAD_GOT=
TEMPLATE_NAME=elf32
GENERATE_SHLIB_SCRIPT=yes
diff --git a/gnu/usr.bin/binutils/ld/scripttempl/elf.sc b/gnu/usr.bin/binutils/ld/scripttempl/elf.sc
index e155639eff9..8d47b4ad17b 100644
--- a/gnu/usr.bin/binutils/ld/scripttempl/elf.sc
+++ b/gnu/usr.bin/binutils/ld/scripttempl/elf.sc
@@ -70,6 +70,7 @@ DYNAMIC=".dynamic ${RELOCATING-0} : { *(.dynamic) }"
RODATA=".rodata ${RELOCATING-0} : { *(.rodata) ${RELOCATING+*(.rodata.*)} ${RELOCATING+*(.gnu.linkonce.r.*)} }"
SBSS2=".sbss2 ${RELOCATING-0} : { *(.sbss2) ${RELOCATING+*(.sbss2.*)} ${RELOCATING+*(.gnu.linkonce.sb2.*)} }"
SDATA2=".sdata2 ${RELOCATING-0} : { *(.sdata2) ${RELOCATING+*(.sdata2.*)} ${RELOCATING+*(.gnu.linkonce.s2.*)} }"
+test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_RO0="${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));}"
test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_PLT0="${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));} .pltpad0 ${RELOCATING-0} : { ${RELOCATING+__plt_start = .;} }"
test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_PLT1=".pltpad1 ${RELOCATING-0} : { ${RELOCATING+__plt_end = .;}} ${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));}"
test "$LD_FLAG" = "N" || test "$LD_FLAG" = "Z" || PAD_GOT0="${RELOCATING+. = ALIGN(${MAXPAGESIZE}) + (. & (${MAXPAGESIZE} - 1));} .gotpad0 ${RELOCATING-0} : { ${RELOCATING+__got_start = .;} }"
@@ -289,6 +290,7 @@ SECTIONS
${RELOCATING+PROVIDE (__etext = .);}
${RELOCATING+PROVIDE (_etext = .);}
${RELOCATING+PROVIDE (etext = .);}
+ ${PAD_RO+${PAD_RO0}}
${WRITABLE_RODATA-${RODATA}}
.rodata1 ${RELOCATING-0} : { *(.rodata1) }
${CREATE_SHLIB-${SDATA2}}