diff options
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/ChangeLog | 7 | ||||
| -rw-r--r-- | bfd/elf.c | 50 | ||||
| -rw-r--r-- | bfd/elflink.c | 35 |
3 files changed, 81 insertions, 11 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 2b12eb3..f8086fb 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2023-11-10 Nick Clifton <nickc@redhat.com> + + * elf.c (assign_file_positions_except_relocs): Turn warnings about + executable segments into errors if so requested. + * elflink.c (bfd_elf_size_dynamic_sections): Turn warnings about + executable stacks into errors if so requested. + 2023-10-30 Nick Clifton <nickc@redhat.com> * bpf-reloc.def (R_BPF_64_NODLD32): Add entry. @@ -7010,6 +7010,9 @@ assign_file_positions_except_relocs (bfd *abfd, { if (link_info != NULL && ! link_info->no_warn_rwx_segments) { + bool warned_tls = false; + bool warned_rwx = false; + /* Memory resident segments with non-zero size and RWX permissions are a security risk, so we generate a warning here if we are creating any. */ @@ -7022,16 +7025,47 @@ assign_file_positions_except_relocs (bfd *abfd, if (phdr->p_memsz == 0) continue; - if (phdr->p_type == PT_TLS && (phdr->p_flags & PF_X)) - _bfd_error_handler (_("warning: %pB has a TLS segment" - " with execute permission"), - abfd); - else if (phdr->p_type == PT_LOAD + if (! warned_tls + && phdr->p_type == PT_TLS + && (phdr->p_flags & PF_X)) + { + if (link_info->warn_is_error_for_rwx_segments) + { + _bfd_error_handler (_("\ +error: %pB has a TLS segment with execute permission"), + abfd); + return false; + } + + _bfd_error_handler (_("\ +warning: %pB has a TLS segment with execute permission"), + abfd); + if (warned_rwx) + break; + + warned_tls = true; + } + else if (! warned_rwx + && phdr->p_type == PT_LOAD && ((phdr->p_flags & (PF_R | PF_W | PF_X)) == (PF_R | PF_W | PF_X))) - _bfd_error_handler (_("warning: %pB has a LOAD segment" - " with RWX permissions"), - abfd); + { + if (link_info->warn_is_error_for_rwx_segments) + { + _bfd_error_handler (_("\ +error: %pB has a LOAD segment with RWX permissions"), + abfd); + return false; + } + + _bfd_error_handler (_("\ +warning: %pB has a LOAD segment with RWX permissions"), + abfd); + if (warned_tls) + break; + + warned_rwx = true; + } } } diff --git a/bfd/elflink.c b/bfd/elflink.c index 99f4cdd..49ea222 100644 --- a/bfd/elflink.c +++ b/bfd/elflink.c @@ -7152,9 +7152,20 @@ bfd_elf_size_dynamic_sections (bfd *output_bfd, /* If the user has explicitly requested warnings, then generate one even though the choice is the result of another command line option. */ if (info->warn_execstack == 1) - _bfd_error_handler - (_("\ + { + if (info->error_execstack) + { + _bfd_error_handler + (_("\ +error: creating an executable stack because of -z execstack command line option")); + return false; + } + + _bfd_error_handler + (_("\ warning: enabling an executable stack because of -z execstack command line option")); + } + elf_stack_flags (output_bfd) = PF_R | PF_W | PF_X; } else if (info->noexecstack) @@ -7210,11 +7221,29 @@ warning: enabling an executable stack because of -z execstack command line optio being enabled despite the fact that it was not requested on the command line. */ if (noteobj) - _bfd_error_handler (_("\ + { + if (info->error_execstack) + { + _bfd_error_handler (_("\ +error: %s: is triggering the generation of an executable stack (because it has an executable .note.GNU-stack section)"), + bfd_get_filename (noteobj)); + return false; + } + + _bfd_error_handler (_("\ warning: %s: requires executable stack (because the .note.GNU-stack section is executable)"), bfd_get_filename (noteobj)); + } else if (emptyobj) { + if (info->error_execstack) + { + _bfd_error_handler (_("\ +error: %s: is triggering the generation of an executable stack because it does not have a .note.GNU-stack section"), + bfd_get_filename (emptyobj)); + return false; + } + _bfd_error_handler (_("\ warning: %s: missing .note.GNU-stack section implies executable stack"), bfd_get_filename (emptyobj)); |