From: Ian Lance Taylor <ian@airs.com>
To: "Jan Beulich" <JBeulich@novell.com>
Cc: <binutils@sources.redhat.com>
Subject: Re: [PATCH] ELF section to segment mapping adjustments
Date: Tue, 10 May 2005 16:45:00 -0000 [thread overview]
Message-ID: <m3mzr3ukvw.fsf@gossamer.airs.com> (raw)
In-Reply-To: <s280e191.021@emea1-mh.id2.novell.com>
"Jan Beulich" <JBeulich@novell.com> writes:
> >>> Ian Lance Taylor <ian@airs.com> 10.05.05 17:12:55 >>>
> >"Jan Beulich" <JBeulich@novell.com> writes:
> >
> >> Shouldn't the executable permission be handled like the writeable one, i.e.
> >> attempting to not merge sections with different permissions into one
> >> segment?
> >
> >If we break a segment to avoid merging a non-executable section with
> >an executable section, then we will wind up putting .text and .rodata
> >into different segments. We don't want to do that in the normal case.
>
> I understand that's been the traditional behavior, but I don't know
> why exactly this is happening (except for space saving
> reasons). With attempts in various places to close holes where one
> can execute stuff in memory that shouldn't really be executed, it'd
> seem to me that more enforcement in this area would be quite
> reasonable to expect...
Those holes are related to writable memory. It would be a big mistake
to merge a writable section with an executable section and thus make
the segment writable. But it does no harm to have read-only data
mixed into an executable segment. Sure, the person doing the link
could put then execute data which is in the .rodata section. But they
can already put that same data into the .text section, so there is no
additional vulnerability.
Saving space is less important than security, but it is not of
neglible importance.
Ian
next parent reply other threads:[~2005-05-10 16:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <s280e191.021@emea1-mh.id2.novell.com>
2005-05-10 16:45 ` Ian Lance Taylor [this message]
2005-05-10 15:32 Jan Beulich
-- strict thread matches above, loose matches on Subject: below --
2005-05-10 12:40 Jan Beulich
2005-05-10 15:21 ` Ian Lance Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3mzr3ukvw.fsf@gossamer.airs.com \
--to=ian@airs.com \
--cc=JBeulich@novell.com \
--cc=binutils@sources.redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).