We don't use the __openbsd_randomdata_{start,end} symbols, but ratherget that info via the PT_OPENBSD_RANDOM segment info, so kill the symbolsWhile here, delete the commented out lines for __DYNAMI
We don't use the __openbsd_randomdata_{start,end} symbols, but ratherget that info via the PT_OPENBSD_RANDOM segment info, so kill the symbolsWhile here, delete the commented out lines for __DYNAMIC as the questionthey ask is answered 'no'ok matthew@ back in May
show more ...
Add support for .openbsd.randomdata sections and PT_OPENBSD_RANDOMIZEsegments to the kernel, ld (2.15), and ld.so. Tested on alpha, amd64,i386, macppc, and sparc64 (thanks naddy, mpi, and okan!).
Add support for .openbsd.randomdata sections and PT_OPENBSD_RANDOMIZEsegments to the kernel, ld (2.15), and ld.so. Tested on alpha, amd64,i386, macppc, and sparc64 (thanks naddy, mpi, and okan!).Idea discussed for some time; committing now for further testing.ok deraadt
Fixup ldscripts for i386 when linked with -pie (no change to non-pieldscripts). Correct the xd and xdc ldscripts (pie and pie + combreloc)on i386 and add two new variants for pie + combreloc + Z an
Fixup ldscripts for i386 when linked with -pie (no change to non-pieldscripts). Correct the xd and xdc ldscripts (pie and pie + combreloc)on i386 and add two new variants for pie + combreloc + Z and pie + Z onall arches. ok drahn@
Merge conflicts, bringing our changes back in:- extra $(SHELL) and sugar for make (so that files not mode +x still work)- safer temp file handling- our W^X binary layout changes in ld- OpenBSD po
Merge conflicts, bringing our changes back in:- extra $(SHELL) and sugar for make (so that files not mode +x still work)- safer temp file handling- our W^X binary layout changes in ld- OpenBSD policy for library file selection in ld- arm and m88k changes which were not merged in time for official 2.15- bfd core file handling- a couple typosNew for 2.15:- ld(1) and as(1) manpages now generated at build time- binutils/stabs.c reverted to use our in-tree libiberty for now- we still use our VIA C3 crypto code over stock binutils, as it recognizes more instructions- new emulations for OpenBSD on mips64 machines, to help OpenBSD/sgi- relaxed %f# handling in gas on OpenBSD/sparc64 (same as was in 2.14)Tested on all platforms by various people; special thanks to sturm@ andotto@.
Binutils 2.15, with testsuites removed, and without gdb and libiberty.
emacs undump is very sensative to the section ordering, For W^X a coupleof sections were moved for protections purposes. This causes problemswith emacs undump. Only move the sections if the W^X pad
emacs undump is very sensative to the section ordering, For W^X a coupleof sections were moved for protections purposes. This causes problemswith emacs undump. Only move the sections if the W^X padding is active.Generate the scripts properly for newer binutils, on i386 if -Z isactive, move the executable start address back to the classic base address.
provide a way data plt prepending got; drahn@ ok
Resolve merge conflicts, adjust method of W^X handing (.sh files)remove testsuites (not useable) remove mmalloc (not part of new binutils).
import binutils 2.14 (excluding testsuites, .info files, and .po files)
powerpc ld.so has a slightly unreasonable expectation about __got_startand the location of the GOT. reorder GOT and the CTOR/DTOR section.
Make CTORS/DTORS non-writeable in dynamic binaries. ok deraadt@
Switch i386 to new binutils, i386 tools now do ELF.RODATA_* align macros to preserve current behavior on otherarchs and allow for 1G sep between beginning of exe and beginning of dataDARPA funded
Switch i386 to new binutils, i386 tools now do ELF.RODATA_* align macros to preserve current behavior on otherarchs and allow for 1G sep between beginning of exe and beginning of dataDARPA funded work.
use common elf.sc instead of own hppaobsd.sc, catch up w/ dale's elf work for hppa; drahn@ lots of helps and ok
ELF security enhancement: put .rodata into it's own load section insteadof putting it with the text. This removes the execute permissionfrom readonly data. This constrains the executable region to
ELF security enhancement: put .rodata into it's own load section insteadof putting it with the text. This removes the execute permissionfrom readonly data. This constrains the executable region to portionsof the executable which need to be executable. Note: not all processorsor mmus are capable of -X protection at the page level, but shouldhandle ELF images which specify specific RWX protections on each section.
This is a project to modify executables so that they do not have anyexecutable regions which are writable. If a section of an executable iswritable and executable, it is much easier for errant code
This is a project to modify executables so that they do not have anyexecutable regions which are writable. If a section of an executable iswritable and executable, it is much easier for errant code to modify theexecutable's behavior.Two current areas in shared library environments which have thiscritical problem are the GOT (Global Offset Table) and PLT (ProcedureLinkage Table). The PLT is required to be executable and both GOT andPLT are writable on most architectures. On most ELF architecturemachines this would cause shared libraries to have data and BSS markedas executable.Padding to the linker script for programs and shared libraries/objectsto isolate the GOT and PLT into their own load sections in theexecutables. This allows only the text(readonly) region and the PLTregion to be marked executable with the normal data and BSS not markedas executable. The PLT region is still marked executable on mostarchitectures because the PLT lives in the "data" or "BSS" regionsand the dynamic loader will need to modify it. Since the GOT and PLTshould only ever be written by the dynamic linker, it will be modifiedto mprotect those regions so that they are not writable during normalexecution. If the dynamic linker needs to modify the regions later,(eg for lazy binding), it will mprotect the region, make the necessarychanges, and mprotect it back. Since it is possible to receive asignal which would interrupt the program flow and perhaps cause thedynamic linker to modify the same (or nearby) PLT references, it is nownecessary for signals to be blocked for the duration of the mprotect.
provide our own path for generating the ldscripts and tweak it accordingly; fgsch@ ok
no longer needed; byebye.
resolve conflicts.
Import binutils-2.11.2- only the binutils package (no gdb here)- don't import libiberty and texinfo, they are elsewhere- remove all .info* generated files
Automatic cvs merge. Dread what I will have to fix after this excuseof a program is done...
Long delayed import of binutils-2.10.1. Turns out art@ needs some alphabug-fixes...
Resolve other problems that dumb cvs can't find out by itself.(trivial part done, `interesting' patches remain)
Help stupid cvs fixing basic conflicts.
Import binutils-2.10- only the binutils package (no gdb here)- don't import libiberty and texinfo, they are elsewhere- remove all .info* generated files
Import of binutils-2.8.1 from Cygnus/FSF
12