You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a project to modify executables so that they do not have any
executable regions which are writable. If a section of an executable is
writable and executable, it is much easier for errant code to modify the
executable's behavior.
Two current areas in shared library environments which have this
critical problem are the GOT (Global Offset Table) and PLT (Procedure
Linkage Table). The PLT is required to be executable and both GOT and
PLT are writable on most architectures. On most ELF architecture
machines this would cause shared libraries to have data and BSS marked
as executable.
Padding to the linker script for programs and shared libraries/objects
to isolate the GOT and PLT into their own load sections in the
executables. This allows only the text(readonly) region and the PLT
region to be marked executable with the normal data and BSS not marked
as executable. The PLT region is still marked executable on most
architectures because the PLT lives in the "data" or "BSS" regions
and the dynamic loader will need to modify it. Since the GOT and PLT
should only ever be written by the dynamic linker, it will be modified
to mprotect those regions so that they are not writable during normal
execution. If the dynamic linker needs to modify the regions later,
(eg for lazy binding), it will mprotect the region, make the necessary
changes, and mprotect it back. Since it is possible to receive a
signal which would interrupt the program flow and perhaps cause the
dynamic linker to modify the same (or nearby) PLT references, it is now
necessary for signals to be blocked for the duration of the mprotect.
This diff was omitted from the original commit, this implements the
-Z option to produce traditional (non protected) executables.
0 commit comments