Re: [PATCH] lkdtm: add test for executing .rodata

From: Kees Cook
Date: Mon Feb 22 2016 - 15:46:34 EST


On Thu, Feb 18, 2016 at 1:27 PM, PaX Team <pageexec@xxxxxxxxxxx> wrote:
> On 18 Feb 2016 at 12:34, Ard Biesheuvel wrote:
>
>> However, that does not fix the issue Kees is trying to solve, where a
>> .rodata section is emitted with the "x" bit set, which causes the
>> linker to complain:
>>
>> /tmp/cc50ffWw.s: Assembler messages:
>> /tmp/cc50ffWw.s:2: Warning: setting incorrect section attributes for
>> .rodata.text
>
> in that case why not use a top-level asm statement to set the section
> and its attributes (and compile the file with fno-toplevel-reorder)?

GCC really wants to declare the section. :(

asm(".pushsection .rodata");
static void do_nothing_rodata(void)
{
	return;
}
asm(".popsection");

With -fno-toplevel-reorder, this produces:

#APP
	.pushsection .rodata
#NO_APP
	.section .text.unlikely
.LCOLDB42:
	.text
.LHOTB42:
	.p2align 4,,15
	.type do_nothing_rodata, @function
do_nothing_rodata:
.LFB2756:
	.loc 1 323 0
	.cfi_startproc
	pushq %rbp
	...

So I either need to define "ret" for every architecture, define the
linker comment character for every architecture, or do some generated
file. I'll try the latter next...

-Kees

--
Kees Cook
Chrome OS & Brillo Security