[llvm-dev] [lld] RFC: Allow custom sections to be under GNU_RELRO

Anton Bikineev via llvm-dev llvm-dev at lists.llvm.org
Thu Mar 26 12:46:22 PDT 2020


Hey,

We would like to propose an idea that would help security harden
applications that define custom sections.

Motivation and Background
In Chromium we have a garbage collector that implements some RTTI machinery
in the form of a table. This table is used by the collector to trace and
finalize garbage collected objects. We're thinking of using
__attribute__((section(...))) so that the table can be created and merged
at link time. We also use -fPIC and therefore rely on the dynamic linker to
process relocations in this table after the program is loaded. At the same
time, we want the table to be read-only after relocations are applied, in
the same fashion as e.g. .got sections are write protected after eager
binding (with -z,relro,-z,now). The custom section can't be mprotected,
because it can live in the same PT_LOAD segment as other modifiable data
(e.g. .data).

At the moment, all big 3 ELF linkers hardcode names of
read-only-after-relocation sections (.data.rel.ro, .bss.rel.ro, .ctors,
.eh_frame, ...). We would like to propose extending this for custom
sections that end with ".rel.ro".

What do you think? Would this be useful to you?

-- 
Sincerely,
Anton.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20200326/6ce221d6/attachment.html>


More information about the llvm-dev mailing list