Add a linker warning when creating potentially dangerous executable segments. Add tests, options to disabke and configure switches to choose defaults.

author: Nick Clifton <nickc@redhat.com> 2022-05-03 11:42:24 +0100
committer: Nick Clifton <nickc@redhat.com> 2022-05-03 11:42:24 +0100
commit: ba951afb99912da01a6e8434126b8fac7aa75107 (patch)
tree: e94ddfba29d29a82ab36d28592d6c8e7edd04350 /bfd/elf.c
parent: 46465574a925062ba7dfa72f49ba5199d7a39fc3 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/bfd/elf.c b/bfd/elf.c
index e9148dbeca..f046994e3a 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -6461,6 +6461,29 @@ assign_file_positions_except_relocs (bfd *abfd,
   alloc = i_ehdrp->e_phnum;
   if (alloc != 0)
     {
+      if (link_info != NULL && ! link_info->no_warn_rwx_segments)
+	{
+	  /* Memory resident segments with non-zero size and RWX permissions are a
+	     security risk, so we generate a warning here if we are creating any.  */
+	  unsigned int i;
+
+	  for (i = 0; i < alloc; i++)
+	    {
+	      const Elf_Internal_Phdr * phdr = tdata->phdr + i;
+
+	      if (phdr->p_memsz == 0)
+		continue;
+
+	      if (phdr->p_type == PT_TLS && (phdr->p_flags & PF_X))
+		_bfd_error_handler (_("warning: %pB has a TLS segment with execute permission"),
+				    abfd);
+	      else if (phdr->p_type == PT_LOAD
+		       && (phdr->p_flags & (PF_R | PF_W | PF_X)) == (PF_R | PF_W | PF_X))
+		_bfd_error_handler (_("warning: %pB has a LOAD segment with RWX permissions"),
+				    abfd);
+	    }
+	}
+      
       if (bfd_seek (abfd, i_ehdrp->e_phoff, SEEK_SET) != 0
 	  || bed->s->write_out_phdrs (abfd, tdata->phdr, alloc) != 0)
 	return false;
author	Nick Clifton <nickc@redhat.com>	2022-05-03 11:42:24 +0100
committer	Nick Clifton <nickc@redhat.com>	2022-05-03 11:42:24 +0100
commit	ba951afb99912da01a6e8434126b8fac7aa75107 (patch)
tree	e94ddfba29d29a82ab36d28592d6c8e7edd04350 /bfd/elf.c
parent	46465574a925062ba7dfa72f49ba5199d7a39fc3 (diff)