diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2024-08-14 17:04:55 +0000 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-01-14 13:18:43 -0300 |
| commit | 4d890484df4b2cf004f6f1f6d8c39a69fa39c875 (patch) | |
| tree | 58b64b276615b34082a27218e6b5e59dabd116f1 /gdb | |
| parent | 9f99abe9c0b69141e754d5b6d12b44227c2bd53b (diff) | |
| download | binutils-4d890484df4b2cf004f6f1f6d8c39a69fa39c875.zip binutils-4d890484df4b2cf004f6f1f6d8c39a69fa39c875.tar.gz binutils-4d890484df4b2cf004f6f1f6d8c39a69fa39c875.tar.bz2 | |
elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark binaries
to be memory sealed by the loader, to avoid further changes of
PT_LOAD segments (such as unmapping or change permission flags).
This is done along with Linux kernel (the mseal syscall [1]), and
C runtime supports to instruct the kernel on the correct time during
program startup (for instance, after RELRO handling). This support
is added along the glibc support to handle the new gnu property [2].
This is a opt-in security features, like other security hardening
ones like NX-stack or RELRO.
The new property is ignored if present on ET_REL objects, and only
added on ET_EXEC/ET_DYN if the linker option is used. A gnu property
is used instead of DT_FLAGS_1 flag to allow memory sealing to work
with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports
still do no support static-pie).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
Change-Id: Id47fadabecd24be0e83cff45653f7ce9a900ecf4
Diffstat (limited to 'gdb')
0 files changed, 0 insertions, 0 deletions