From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 8384 invoked by alias); 27 Oct 2012 19:26:37 -0000 Received: (qmail 8376 invoked by uid 22791); 27 Oct 2012 19:26:37 -0000 X-SWARE-Spam-Status: No, hits=-4.7 required=5.0 tests=AWL,BAYES_00,DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,KHOP_RCVD_TRUST,KHOP_THREADED,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE,TW_BJ,TW_JC X-Spam-Check-By: sourceware.org Received: from mail-lb0-f175.google.com (HELO mail-lb0-f175.google.com) (209.85.217.175) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sat, 27 Oct 2012 19:26:30 +0000 Received: by mail-lb0-f175.google.com with SMTP id y2so2399867lbk.20 for ; Sat, 27 Oct 2012 12:26:29 -0700 (PDT) Received: by 10.112.30.163 with SMTP id t3mr10299906lbh.56.1351365989230; Sat, 27 Oct 2012 12:26:29 -0700 (PDT) Received: from [127.0.0.1] (assk2.torservers.net. [78.108.63.44]) by mx.google.com with ESMTPS id hu6sm1494267lab.13.2012.10.27.12.26.26 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 27 Oct 2012 12:26:28 -0700 (PDT) Message-ID: <508C3559.9070802@googlemail.com> Date: Sun, 28 Oct 2012 15:31:00 -0000 From: Michael Zintakis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 MIME-Version: 1.0 To: "gcc-help@gcc.gnu.org" Subject: Re: loading of shared objects and executables References: <508BE980.9020903@googlemail.com> <5F3AFFD2D26186458636762CE30CCF65018C2E@MX102CL01.corp.emc.com> In-Reply-To: <5F3AFFD2D26186458636762CE30CCF65018C2E@MX102CL01.corp.emc.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-help-owner@gcc.gnu.org X-SW-Source: 2012-10/txt/msg00163.txt.bz2 Hi Roman, >> or 2. create a separate header/section >> (called ".security" for example) and attach that verification data there. >> > > As Linux uses ELF, I personally like the second approach as it's much more consistent. > Indeed, much easier to create/maintain and is quite flexible as well (I could have multiple sections for multiple purposes - .security.sig.hash, .security.sig.name, .security.flags for example). > To make a custom section layout you can use linker scripts (http://sourceware.org/binutils/docs/ld/Scripts.html). > Yep, that was another good one - thank you! For already-built binaries I could use objcopy (I tested it earlier today and it is flawless!), so that folds up nicely for compiling new ELF binaries.