This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC PATCH] Little hardening DSOs/executables against exploits (take 2)


On Thu, Jan 15, 2004 at 12:29:39PM +0100, Jakub Jelinek wrote:
> That's because the order of .got/.sbss/.data/.sdata/.bss should be following:
> 
> RW segment small:
> ----------+
> .got      |
> RELRO_END |
> .data     |- reachable by pic reg
> .sdata    |
> .sbss-----+
> .bss

Ah, I missed noticing that you were putting .data in the middle of
.got / .sdata in one case.

> SBSS small:
> .got------+
> RELRO_END |
> .sdata    |- reachable by pic reg
> .sbss-----+
> .data
> .bss

Here, the real condition isn't that .sbss is small, but that the
combined size of .got, .sdata, .sbss and the segment gap you
introduce is less than 32k.  Can you manage to test something like that?
Also, the 32k limit might change some time as the ABI allows you to put
_GLOBAL_OFFSET_TABLE in the middle of .got.

-- 
Alan Modra
IBM OzLabs - Linux Technology Centre


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]