elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property

mirror of https://github.com/bminor/binutils-gdb.git synced 2025-12-27 01:28:46 +00:00

The GNU_PROPERTY_MEMORY_SEAL gnu property is a way to mark binaries
to be memory sealed by the loader, to avoid further changes of
PT_LOAD segments (such as unmapping or change permission flags).
This is done along with Linux kernel (the mseal syscall [1]), and
C runtime supports to instruct the kernel on the correct time during
program startup (for instance, after RELRO handling).  This support
is added along the glibc support to handle the new gnu property [2].

This is a opt-in security features, like other security hardening
ones like NX-stack or RELRO.

The new property is ignored if present on ET_REL objects, and only
added on ET_EXEC/ET_DYN if the linker option is used.  A gnu property
is used instead of DT_FLAGS_1 flag to allow memory sealing to work
with ET_EXEC without PT_DYNAMIC support (at least on glibc some ports
still do no support static-pie).

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8be7258aad44b5e25977a98db136f677fa6f4370
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html

Change-Id: Id47fadabecd24be0e83cff45653f7ce9a900ecf4

This commit is contained in:

Adhemerval Zanella

2024-08-14 17:04:55 +00:00

parent 9f99abe9c0

commit 4d890484df

18 changed files with 235 additions and 18 deletions

									
										1

include/elf/common.h
									
												View File
												
				@@ -891,6 +891,7 @@

				/* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0).  */

				#define GNU_PROPERTY_STACK_SIZE			1

				#define GNU_PROPERTY_NO_COPY_ON_PROTECTED	2

				#define GNU_PROPERTY_MEMORY_SEAL		3

				/* A 4-byte unsigned integer property: A bit is set if it is set in all

				   relocatable inputs.  */

elf: Add GNU_PROPERTY_MEMORY_SEAL gnu property

1 include/elf/common.h Unescape Escape View File

1

include/elf/common.h

View File