On 28 Jan 2016 at 0:30, Alessandro Di Federico wrote:

> Hi, as you might know, global read-only data (e.g. the .rodata section)
> usually end up in the same segment as .text. This means that .rodata
> contains potentially executable data, which is always useful for an
> attacker looking for ROP gadgets.
>
> However, the gold linker has a nice option (--rosegment) to split in
> distinct segments .rodata and .text, so that read-only data is not
> executable.
>
> So: why don't we enable it in Gentoo hardened?

because it's a useless security measure. for a non-executable .rodata
section to make any sense, the following condition would have to hold:

a bug (or set of bugs) is exploitable if and only if .rodata is executable.

nobody has ever shown that there exists such a bug (or set of bugs) and
in fact there's ample evidence that already executable code contains all
the necessary gadgets an exploit would need. on the other hand breaking
.rodata out into its own PT_LOAD segment will waste disk space, kernel
memory, virtual address space, slow down vma lookup time, etc, for exactly
zero gain in security. why bother?
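A way to audit the layout the two messages argue about, as an added example that is not code from either correspondent: a pure-Python ELF64 reader that reports which non-code sections are mapped inside an executable PT_LOAD segment, run over a constructed headers-only image laid out both ways (the default shared RX segment and the --rosegment style split into RX and R segments). It assumes a little-endian ELF64 file; the image, addresses and sizes are constructed for the demonstration.

```python
import struct

PT_LOAD, PF_X, PF_R, SHT_PROGBITS, SHT_STRTAB = 1, 0x1, 0x4, 1, 3
SHF_ALLOC, SHF_EXECINSTR = 0x2, 0x4

def parse_elf64(blob):
    """Return (PT_LOAD segments, allocated sections) of a little-endian ELF64 image."""
    assert blob[:6] == b"\x7fELF\x02\x01", "not a little-endian ELF64 image"
    e_phoff, e_shoff = struct.unpack_from("<QQ", blob, 0x20)
    phentsize, phnum, shentsize, shnum, shstrndx = struct.unpack_from("<HHHHH", blob, 0x36)
    segs = []
    for i in range(phnum):  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from("<IIQQQQQQ", blob, e_phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append((p_flags, p_vaddr, p_memsz))
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", blob, e_shoff + i * shentsize) for i in range(shnum)]
    strtab = shdrs[shstrndx][4]  # sh_offset of .shstrtab, where section names live
    secs = []
    for sh_name, _, sh_flags, sh_addr, _, sh_size, *_ in shdrs:
        if sh_flags & SHF_ALLOC:  # only sections that are actually mapped at run time
            name = blob[strtab + sh_name:blob.index(b"\0", strtab + sh_name)].decode()
            secs.append((name, sh_flags, sh_addr, sh_size))
    return segs, secs

def executable_data_sections(blob):
    """Names of non-code allocated sections that land inside an executable (PF_X) PT_LOAD."""
    segs, secs = parse_elf64(blob)
    return [name for name, flags, addr, size in secs
            if size and not flags & SHF_EXECINSTR
            and any(pf & PF_X and va <= addr < va + sz for pf, va, sz in segs)]

def build_image(split_rosegment):
    """Constructed ELF64 image (headers only, no real code): .text at 0x1000 and .rodata
    at 0x2000, either sharing one RX PT_LOAD or split into separate RX and R segments."""
    phdrs = [(PT_LOAD, PF_R | PF_X, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000),
             (PT_LOAD, PF_R, 0x2000, 0x2000, 0x2000, 0x1000, 0x1000, 0x1000)]
    if not split_rosegment:  # default layout: a single RX segment spans both sections
        phdrs = [(PT_LOAD, PF_R | PF_X, 0x1000, 0x1000, 0x1000, 0x2000, 0x2000, 0x1000)]
    shstr = b"\0.text\0.rodata\0.shstrtab\0"
    shdrs = [(0,) * 10,  # mandatory null section header
             (1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x1000, 0x1000, 0x200, 0, 0, 16, 0),
             (7, SHT_PROGBITS, SHF_ALLOC, 0x2000, 0x2000, 0x100, 0, 0, 16, 0),
             (15, SHT_STRTAB, 0, 0, 0x100, len(shstr), 0, 0, 1, 0)]
    img = bytearray(0x300)  # ehdr @0, phdrs @64, .shstrtab @0x100, shdrs @0x200
    img[:64] = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9), 3, 62, 1,
                           0x1000, 64, 0x200, 0, 64, 56, len(phdrs), 64, len(shdrs), 3)
    img[64:64 + 56 * len(phdrs)] = b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)
    img[0x100:0x100 + len(shstr)] = shstr
    img[0x200:] = b"".join(struct.pack("<IIQQQQIIQQ", *s) for s in shdrs)
    return bytes(img)
```

On a real binary, passing the file's bytes to executable_data_sections shows whether .rodata shares an executable segment with .text, which is the layout the thread is weighing.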