author Adhemerval Zanella <adhemerval.zanella@linaro.org> 2024-08-14 17:04:55 +0000
committer Adhemerval Zanella <adhemerval.zanella@linaro.org> 2025-01-14 13:18:43 -0300
commit 4d890484df4b2cf004f6f1f6d8c39a69fa39c875 (patch)
tree 58b64b276615b34082a27218e6b5e59dabd116f1 /ld/NEWS
parent 9f99abe9c0b69141e754d5b6d12b44227c2bd53b (diff)
elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property
The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark binaries to be memory sealed by the loader, to avoid further changes of PT_LOAD segments (such as unmapping or changing permission flags). This is done along with Linux kernel (the mseal syscall [1]), and C runtime support to instruct the kernel at the correct time during program startup (for instance, after RELRO handling). This support is added along with the glibc support to handle the new gnu property [2].

This is an opt-in security feature, like other security hardening ones like NX-stack or RELRO.

The new property is ignored if present on ET_REL objects, and only added on ET_EXEC/ET_DYN if the linker option is used. A gnu property is used instead of a DT_FLAGS_1 flag to allow memory sealing to work with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports still do not support static-pie).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html

Change-Id: Id47fadabecd24be0e83cff45653f7ce9a900ecf4
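What the sealing described in the commit message enforces at the kernel level, shown as an added example that is not part of this commit, binutils or glibc: one anonymous page is sealed with the mseal syscall and the two changes the message names (changing permission flags, unmapping) are then attempted. The names `seal_demo` and `enum seal_result` are hypothetical; the fallback syscall number applies to Linux 6.10 and later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462 /* Linux 6.10+; used only if the libc headers lack it */
#endif

/* Hypothetical result type for this example. */
enum seal_result { SEAL_BROKEN = -1, SEAL_UNAVAILABLE = 0, SEAL_ENFORCED = 1 };

/* Map one read-only page, seal it, then try the changes sealing must block. */
static enum seal_result seal_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return SEAL_UNAVAILABLE;

    /* mseal(addr, len, flags): flags must be 0. Any failure (for example
       ENOSYS on a kernel without mseal) is treated as "not available". */
    if (syscall(__NR_mseal, p, len, 0UL) != 0) {
        munmap(p, len);
        return SEAL_UNAVAILABLE;
    }

    /* On a sealed mapping both calls must fail with EPERM. */
    int prot_blocked = mprotect(p, len, PROT_READ | PROT_WRITE) == -1
                       && errno == EPERM;
    int unmap_blocked = munmap(p, len) == -1 && errno == EPERM;

    /* When sealing held, the page stays mapped until the process exits. */
    return (prot_blocked && unmap_blocked) ? SEAL_ENFORCED : SEAL_BROKEN;
}
```

A return of `SEAL_ENFORCED` means the kernel refused both changes; `SEAL_UNAVAILABLE` means the running kernel did not accept mseal, in which case a binary carrying the property gets no sealing from it.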
Diffstat (limited to 'ld/NEWS')
-rw-r--r-- ld/NEWS 3
1 files changed, 3 insertions, 0 deletions
diff --git a/ld/NEWS b/ld/NEWS
index 4a19f5a..5d5fec4 100644
--- a/ld/NEWS
+++ b/ld/NEWS
@@ -33,6 +33,9 @@ Changes in 2.43:
* Add -plugin-save-temps to store plugin intermediate files permanently.
+* Add -z memory-seal/-z nomemory-seal options to ELF linker to mark the
+ object to memory sealed.
+
Changes in 2.42:
* Add -z mark-plt/-z nomark-plt options to x86-64 ELF linker to mark PLT
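Review bot: The added NEWS entry reads "to mark the object to memory sealed", which is missing a verb; suggest "to mark the object to be memory sealed". The entry also lands after the last item under the "Changes in 2.43:" hunk context and directly before the "Changes in 2.42:" header, so it documents the option as a 2.43 change; please confirm that is the release the option ships in, and otherwise move it to the section for the release under development. It would also help readers if the entry named the GNU_PROPERTY_MEMORY_SEAL property that the option adds and stated that it applies to ET_EXEC/ET_DYN output only, as the commit message does.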