[RFC PATCH] Little hardening DSOs/executables against exploits (take 2)

Alan Modra amodra@bigpond.net.au
Thu Jan 15 21:38:00 GMT 2004


On Thu, Jan 15, 2004 at 12:29:39PM +0100, Jakub Jelinek wrote:
> That's because the order of .got/.sbss/.data/.sdata/.bss should be following:
> 
> RW segment small:
> ----------+
> .got      |
> RELRO_END |
> .data     |- reachable by pic reg
> .sdata    |
> .sbss-----+
> .bss

Ah, I missed noticing that you were putting .data in the middle of
.got / .sdata in one case.

> SBSS small:
> .got------+
> RELRO_END |
> .sdata    |- reachable by pic reg
> .sbss-----+
> .data
> .bss

Here, the real condition isn't that .sbss is small, but that the
combined size of .got, .sdata, .sbss and the segment gap you
introduce is less than 32k.  Can you manage to test something like that?
Also, the 32k limit might change some time as the ABI allows you to put
_GLOBAL_OFFSET_TABLE in the middle of .got.

-- 
Alan Modra
IBM OzLabs - Linux Technology Centre



More information about the Binutils mailing list