[Bug ld/29448] aarch64: "has a LOAD segment with RWX permissions"

[jerome.forissier at linaro dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=29448

--- Comment #2 from Jérôme Forissier <jerome.forissier at linaro dot org> ---
(In reply to Nick Clifton from comment #1)
> (In reply to Jérôme Forissier from comment #0)
>  
> > tee.elf is produced with a custom linker script.
> 
> Do you *want* a segment with read, write and execute permission ?

Currently it doesn't matter because the ELF segment information is not used to
define MMU permissions. It is a special situation, the ELF is an OS kernel, it
is further processed to extract all LOAD segments and produce a raw binary. The
runtime MMU mappings are defined based on delimiters (symbols) in the binary.

>  It does
> represent a potential security vulnerability and it might be worth your time
> to examine the linker script and see if you can put the code and the data
> into separate segments.

Yes I understand that, what I am questioning is why ld doesn't emit several
LOAD segments it on its own (like Clang does for instance, with the same linker
script) since I give it no constraint whatsoever. The linker script has no
PHDRS instructing to merge .text .rodata .data, yet they all end up in the same
segment.

> > Previously, no warning was output. Now that the linker warns by default, it
> > causes build errors with --fatal-warnings (obviously) which is a bit
> > annoying.
> 
> Assuming that you want to keep things the way that they are you can use the
> --no-warn-rwx-segments command line option to disable the message.

Yep that's a reasonable thing to do in my case, but still, I think the behavior
is a bit weird. Again, ld deciding to create that RWX segment and later
complaining about its own decision ;-)

Thanks.
-- 
Jerome

-- 
You are receiving this mail because:
You are on the CC list for the bug.