How to add read-only section via linker script

Luca Boccassi bluca@debian.org
Mon May 10 10:58:38 GMT 2021


Hi,

I am adding a .note to a binary via a linker script, but the note ends
up being read/write, which upsets SELinux among other issues.

Is there a way to make it read-only, _without_ having to compile some
object code and link it, but exclusively using the linker script?

Here's the content of the linker script:

SECTIONS
{
    .note.package : ALIGN(4) {
        BYTE(0x04) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Owner including NUL */
        BYTE(0x39) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Value including NUL */
        BYTE(0x7e) BYTE(0x1a) BYTE(0xfe) BYTE(0xca) /* Note ID */
        BYTE(0x46) BYTE(0x44) BYTE(0x4f) BYTE(0x00) /* Owner: 'FDO\x00' */
        BYTE(0x7b) BYTE(0x22) BYTE(0x74) BYTE(0x79)
        BYTE(0x70) BYTE(0x65) BYTE(0x22) BYTE(0x3a)
        BYTE(0x22) BYTE(0x64) BYTE(0x65) BYTE(0x62)
        BYTE(0x22) BYTE(0x2c) BYTE(0x22) BYTE(0x6e)
        BYTE(0x61) BYTE(0x6d) BYTE(0x65) BYTE(0x22)
        BYTE(0x3a) BYTE(0x22) BYTE(0x66) BYTE(0x73)
        BYTE(0x76) BYTE(0x65) BYTE(0x72) BYTE(0x69)
        BYTE(0x74) BYTE(0x79) BYTE(0x2d) BYTE(0x75)
        BYTE(0x74) BYTE(0x69) BYTE(0x6c) BYTE(0x73)
        BYTE(0x22) BYTE(0x2c) BYTE(0x22) BYTE(0x76)
        BYTE(0x65) BYTE(0x72) BYTE(0x73) BYTE(0x69)
        BYTE(0x6f) BYTE(0x6e) BYTE(0x22) BYTE(0x3a)
        BYTE(0x22) BYTE(0x31) BYTE(0x2e) BYTE(0x33)
        BYTE(0x2d) BYTE(0x31) BYTE(0x22) BYTE(0x7d)
        BYTE(0x00) BYTE(0x00) BYTE(0x00) BYTE(0x00)
    }
}
INSERT AFTER .note.gnu.build-id;


Used it by adding it to the linker flags via:

LDFLAGS="-Wl,-T,$PWD/script"

objdump -h on the binary shows it as read/write (no READONLY flag):

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  00000000000002a8  00000000000002a8  000002a8  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  00000000000002c4  00000000000002c4  000002c4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  00000000000002e4  00000000000002e4  000002e4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .note.package 0000004c  0000000000000308  0000000000000308  00000308  2**2
                  CONTENTS, ALLOC, LOAD, DATA

Thanks!

-- 
Kind regards,
Luca Boccassi
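
Added example, not part of the original post and not binutils code: a Python sketch that builds the same FDO note from its JSON payload, decodes it again with a bounds check on the length fields, and emits the BYTE() lines, so the hand-encoded lengths cannot drift from the payload. The function names are hypothetical; the note ID, owner and JSON fields are taken from the linker script in the post.

```python
import json
import struct

NOTE_TYPE = 0xCAFE1A7E  # Note ID bytes 7e 1a fe ca from the post, little-endian
OWNER = b"FDO\x00"      # owner string from the post, NUL included


def pad4(data):
    """Pad to the 4-byte boundary used between ELF note fields."""
    return data + b"\x00" * (-len(data) % 4)


def build_note(payload):
    """Encode namesz, descsz, type, owner, then NUL-terminated compact JSON."""
    desc = json.dumps(payload, separators=(",", ":")).encode() + b"\x00"
    header = struct.pack("<III", len(OWNER), len(desc), NOTE_TYPE)
    return header + pad4(OWNER) + pad4(desc)


def parse_note(blob):
    """Decode a note; reject a descsz that runs past the end of the section."""
    namesz, descsz, ntype = struct.unpack_from("<III", blob, 0)
    desc_off = 12 + namesz + (-namesz % 4)
    if desc_off + descsz > len(blob):
        raise ValueError("descsz overruns the note section")
    owner = blob[12:12 + namesz]
    desc = blob[desc_off:desc_off + descsz]
    return owner, ntype, json.loads(desc.rstrip(b"\x00"))


def to_linker_script(blob, section=".note.package"):
    """Render the note as BYTE() statements, four per line as in the post."""
    rows = [
        "        " + " ".join(f"BYTE(0x{b:02x})" for b in blob[i:i + 4])
        for i in range(0, len(blob), 4)
    ]
    body = "\n".join(rows)
    return (f"SECTIONS\n{{\n    {section} : ALIGN(4) {{\n{body}\n    }}\n}}\n"
            "INSERT AFTER .note.gnu.build-id;\n")


if __name__ == "__main__":
    # Payload reconstructed from the bytes in the post's script.
    meta = {"type": "deb", "name": "fsverity-utils", "version": "1.3-1"}
    note = build_note(meta)
    print(to_linker_script(note))
```

The encoded note is 0x4c bytes long, the same size objdump reports for .note.package above.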