From: Michael Matz <matz@suse.de>
To: Nick Clifton <nickc@redhat.com>
Cc: binutils@sourceware.org
Subject: binutils as policy checker (was: RFC: Add a linker warning when creating segments with RWX permissions)
Date: Tue, 26 Apr 2022 15:06:48 +0000 (UTC) [thread overview]
Message-ID: <alpine.LSU.2.20.2204261452380.32194@wotan.suse.de> (raw)
In-Reply-To: <878rrsw074.fsf@redhat.com>
Hello,
On Tue, 26 Apr 2022, Nick Clifton via Binutils wrote:
> Following on from the patch to add warnings when the linker creates an
> executable stack, here is another proposal for a patch to add a
> warning when the linker creates a memory resident segment with RWX
> permissions.
Is binutils really the right place to enforce policies? I'm
slightly worried about this direction.
I consider all these kinds of checks, which do have some sense, to be
implementing a certain set of rules that aren't inherent in the design or
requirements of binary files intended to hold object code and data, i.e. a
policy. And for checking adherence to a policy I would expect a policy
checker tool to be more appropriate than tools designed for creating such
object files. Not in the least because policies can sometimes change
quite quickly (and arbitrarily) and hence need quickly adjustable tooling
anyway and (even more so) that policies are different for different
audiences and so encoding one specific policy into a tool looks wrong.
E.g. here I would expect a post-build checker tool to test for RWX
segments in generated ELF files, like rpmlint and friends, as the distros
are using already, of course, because that's what the distro makers
decided to be a policy, not because the binutils authors decided so (I'm
aware that there's a large overlap in those two sets of people :) ).
Ciao,
Michael.
next prev parent reply other threads:[~2022-04-26 15:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-26 11:31 RFC: Add a linker warning when creating segments with RWX permissions Nick Clifton
2022-04-26 13:56 ` Jan Beulich
2022-04-26 16:39 ` Nick Clifton
2022-04-26 15:06 ` Michael Matz [this message]
2022-04-26 15:20 ` binutils as policy checker (was: RFC: Add a linker warning when creating segments with RWX permissions) Joel Sherrill
2022-04-28 9:46 ` Nick Clifton
2022-04-29 6:29 ` Sam James
2022-05-03 14:54 ` Michael Matz
2022-05-03 19:35 ` Matthias Klose
2022-05-03 19:57 ` H.J. Lu
2022-05-03 20:29 ` Matthias Klose
2022-04-26 16:47 ` Nick Clifton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LSU.2.20.2204261452380.32194@wotan.suse.de \
--to=matz@suse.de \
--cc=binutils@sourceware.org \
--cc=nickc@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).