From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) by sourceware.org (Postfix) with ESMTP id B76EE3858D1E for ; Fri, 29 Apr 2022 06:29:55 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B76EE3858D1E Content-Type: multipart/signed; boundary="Apple-Mail=_BBE9F67C-BA9B-4418-B88D-CB6EEF243AA7"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\)) Subject: Re: binutils as policy checker (was: RFC: Add a linker warning when creating segments with RWX permissions) From: Sam James In-Reply-To: <79ba6ad0-7bb6-be2c-2672-6924862c29de@redhat.com> Date: Fri, 29 Apr 2022 07:29:51 +0100 Cc: Binutils Message-Id: <786031C9-60D3-4D02-9853-362CE6937556@gentoo.org> References: <878rrsw074.fsf@redhat.com> <79ba6ad0-7bb6-be2c-2672-6924862c29de@redhat.com> To: Nick Clifton X-Mailer: Apple Mail (2.3696.80.82.1.1) X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2022 06:29:58 -0000 --Apple-Mail=_BBE9F67C-BA9B-4418-B88D-CB6EEF243AA7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 28 Apr 2022, at 10:46, Nick Clifton via Binutils = wrote: >=20 > Hi Guys, >=20 > OK, attached is v2 of my proposed patch. The main features of this > new version are: >=20 > * There are now configure options which can turn off the generation > of linker warnings about the creation of executable segments and > the creation of executable stacks. By default however not using > these configure options will result in the creation of a linker > with all of the warnings enabled. >=20 > * There is new linker command line option: --no-warn-rwx-segments > which disables the warnings about executable segments. >=20 > * There are tests for the new features, plus extra regexps in the > testsuite's pruning proc to remove the warnings from the linker's > output for normal tests. >=20 > * The creation of a TLS segment with eXecute permission will = trigger > a warning, regardless of whether it has the read and/or write > permissions set. >=20 > * There is a new configure time option which will disable the > creation of an executable stack simply because an input file is > missing a .note-GNU-stack section (for those architectures where > such a creation is the normal behaviour). This option is not > enabled by default however. At least not yet. >=20 > I think that this represents the best compromise between helping to > promote secure builds whilst also allowing toolchain creators and > program builders the option to disable the features if they wish. >=20 > Any comments ? WFM and thanks for taking my comments into account -- much appreciated! >=20 > Cheers > Nick best, sam --Apple-Mail=_BBE9F67C-BA9B-4418-B88D-CB6EEF243AA7 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEEYOpPv/uDUzOcqtTy9JIoEO6gSDsFAmJrhd9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYw RUE0RkJGRkI4MzUzMzM5Q0FBRDRGMkY0OTIyODEwRUVBMDQ4M0IACgkQ9JIoEO6g SDtOYwgAtjrQQtB2LZ4m3v9x1x0dw+TYqvrwi0vTI7f4cfkt05JYroB0+r9X3/xJ c9OeUH7g+z5fzvlQ317MQrXTszVEmB4xAdqqnilgGrPz74NIQ27uTH03/uS8VlhA L/mO8qlVmNdPcUMb+onfcLMv7a0PlxleHXhgzU6ddxO+O0DwWkE8Vonno8B7Y2Wc VpAffKWyoDjoHQJtmf6GG66gf5delRe112lkZ2kgxcBO/x4Ll/J6KRnPNbtXYPrW cqaDgswJYnOappYX/5XgfuVKIAAnpRpA20tWDKbRm5DBrzuaLYLTyaH7qDd1EKTV h42dilHs0xx/Qs7Gz1wnqHlHFloS0g== =AJtL -----END PGP SIGNATURE----- --Apple-Mail=_BBE9F67C-BA9B-4418-B88D-CB6EEF243AA7--