[PATCH] D66426: [lld] Enable a watermark of loadable sections to be generated and placed in a note section
Chris Jackson via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Nov 27 08:27:10 PST 2019
chrisjackson added a comment.
In D66426#1761510 <https://reviews.llvm.org/D66426#1761510>, @JonChesterfield wrote:
> I sympathize with the requirement to tell whether a binary has been edited after the link step. E.g. one could then raise an error from the loader.
>
> Writing 8 bytes to a known location in the binary can't achieve that. Whatever post link modification is performed will recalculate and update the hash in the binary. If I understand correctly, the plan is to enhance a llvm binary utility to conveniently perform this updating, or at least to provide the 8 bytes to be written into the known location by any other tool.
>
> So I see the cost - lld and other tools get more complicated - and I see the requirement - but I can't see how the proposed change meets the requirement.
A post-link modification could recalculate and update the hash, but this would only occur in a deliberate attempt to subvert the watermark mechanism. The watermark is not intended to detect all, e.g. nefarious, post-link modifications. It is not a security feature.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D66426/new/
https://reviews.llvm.org/D66426
More information about the llvm-commits
mailing list