From 514b4e191d5f46de8e142fe216e677a35fa9c4bb Mon Sep 17 00:00:00 2001 From: Jeremy Drake Date: Thu, 27 Aug 2020 12:58:27 +0100 Subject: Change the default characteristics of DLLs built by the linker to more secure settings. PR 19011 * emultempl/pe.em (DEFAULT_DLL_CHARACTERISTICS): Define. (pe_dll_characteristics): Initialise to DEFAULT_DLL_CHARACTERISTICS. (add_options): Add options to disable DLL characteristics. (list_options): List the new options. (handle_options): Handle the new options. * emultempl/pep.em: Similar changes to above. (NT_EXE_IMAGE_BASE): Default to an address above 4G. (NT_DLL_IMAGE_BASE, NT_DLL_AUTO_IMAGE_BASE, (NT_DLL_AUTO_IMAGE_MASK): Likewise. * ld.texi: Document the new options. * pe-dll.c (pe_dll_enable_reloc_section): Change to default to true. (generate_reloc): Do nothing if there is no reloc section. (pe_exe_fill_sections): Only assign the reloc section contents if the section exists. * testsuite/ld-pe/pe.exp: Add the --disable-reloc-section flag to the .secrel32 tests. * testsuite/ld-scripts/provide-8.d: Expect for fail on PE targets. * NEWS: Mention the change in DLL generation. --- ld/NEWS | 3 +++ 1 file changed, 3 insertions(+) (limited to 'ld/NEWS') diff --git a/ld/NEWS b/ld/NEWS index 0fea911..6953481 100644 --- a/ld/NEWS +++ b/ld/NEWS @@ -1,5 +1,8 @@ -*- text -*- +* The creation of PE format DLLs now defaults to using a more secure set of DLL + characteristics. + * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact -- cgit v1.1