From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from einhorn-mail-out.in-berlin.de (einhorn.in-berlin.de [192.109.42.8]) by sourceware.org (Postfix) with ESMTPS id B90FB3858D3C for ; Tue, 3 May 2022 20:30:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org B90FB3858D3C Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=ubuntu.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=ubuntu.com X-Envelope-From: doko@ubuntu.com Received: from authenticated.user (localhost [127.0.0.1]) by einhorn.in-berlin.de with ESMTPSA id 243KTqaJ006908 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 3 May 2022 22:29:53 +0200 Message-ID: Date: Tue, 3 May 2022 22:29:51 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: binutils as policy checker (was: RFC: Add a linker warning when creating segments with RWX permissions) Content-Language: en-US To: "H.J. Lu" Cc: Nick Clifton , Binutils References: <878rrsw074.fsf@redhat.com> <79ba6ad0-7bb6-be2c-2672-6924862c29de@redhat.com> From: Matthias Klose In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00, JMQ_SPF_ALL, KAM_DMARC_STATUS, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2022 20:30:20 -0000 On 03.05.22 21:57, H.J. Lu wrote: > On Tue, May 3, 2022 at 12:35 PM Matthias Klose wrote: >> >> On 28.04.22 11:46, Nick Clifton via Binutils wrote: >>> Hi Guys, >>> >>> OK, attached is v2 of my proposed patch. The main features of this >>> new version are: >>> >>> * There are now configure options which can turn off the generation >>> of linker warnings about the creation of executable segments and >>> the creation of executable stacks. By default however not using >>> these configure options will result in the creation of a linker >>> with all of the warnings enabled. >>> >>> * There is new linker command line option: --no-warn-rwx-segments >>> which disables the warnings about executable segments. >>> >>> * There are tests for the new features, plus extra regexps in the >>> testsuite's pruning proc to remove the warnings from the linker's >>> output for normal tests. >>> >>> * The creation of a TLS segment with eXecute permission will trigger >>> a warning, regardless of whether it has the read and/or write >>> permissions set. >>> >>> * There is a new configure time option which will disable the >>> creation of an executable stack simply because an input file is >>> missing a .note-GNU-stack section (for those architectures where >>> such a creation is the normal behaviour). This option is not >>> enabled by default however. At least not yet. >>> >>> I think that this represents the best compromise between helping to >>> promote secure builds whilst also allowing toolchain creators and >>> program builders the option to disable the features if they wish. >>> >>> Any comments ? >> >> this commit contains a ld/aclocal.m4 generated with automake 1.16. Please >> re-create that file with automake 1.15.1. And maybe re-create the Makefile.in >> also with the correct automake version. >> >> Thanks, Matthias > > I am checking in this. thanks, I see that zlib also processed with automake 1.16..2 Matthias