| 1 |
On 28 Jan 2016 at 0:30, Alessandro Di Federico wrote: |
| 2 |
|
| 3 |
> Hi, as you might know, global read-only data (e.g. the .rodata section) |
| 4 |
> usually end up in the same segment as .text. This means that .rodata |
| 5 |
> contains potentially executable data, which is always useful for an |
| 6 |
> attacker looking for ROP gadgets. |
| 7 |
> |
| 8 |
> However, the gold linker has a nice option (--rosegment) to split in |
| 9 |
> distinct segments .rodata and .text, so that read-only data is not |
| 10 |
> executable. |
| 11 |
> |
| 12 |
> So: why don't we enable it in Gentoo hardened? |
| 13 |
|
| 14 |
because it's a useless security measure. for a non-executable .rodata |
| 15 |
section to make any sense, the following condition would have to hold: |
| 16 |
|
| 17 |
a bug (or set of bugs) is exploitable if and only if .rodata is executable. |
| 18 |
|
| 19 |
nobody has ever shown that there exists such a bug (or set of bugs) and |
| 20 |
in fact there's ample evidence that already executable code contains all |
| 21 |
the necessary gadgets an exploit would need. on the other hand breaking |
| 22 |
.rodata out into its own PT_LOAD segment will waste disk space, kernel |
| 23 |
memory, virtual address space, slow down vma lookup time, etc, for exactly |
| 24 |
zero gain in security. why bother? |
Archives