[Bug ld/23567] much larger static binaries compared to a few months ago

[nickc at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=23567

--- Comment #5 from Nick Clifton <nickc at redhat dot com> ---
Hi Felix,

> With -z noseparate-code I'm down to 9512 bytes. That is much better but still
> more than gold produces. And looking at the binary in a hex editor still shows
> a ton of padding bytes after .text and .data.

Have you tried linking with -N added to the command line ?

> The difference would be that those are no longer mapped as
> executable, but they are not mapped as writable either. So what attack exactly
> are we preventing here?

Who knows. :-)  I am not really a security expert.  But maybe an 
inventive programmer could find a sequence of data values that 
could also be valid as instruction bytes.  (Or maybe they could
surreptitiously insert them into the program sources somehow).
Then they might be able to use these instructions as part of an
attack.

> I'm not sure what security we are actually buying here. Is there documentation
> about this?

Probably somewhere, but I do not have any links to hand.  Sorry,
but this is not my area of expertise.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.