Diff for /wikisrc/projects/project/secureplt.mdwn between versions 1.5 and 1.6

version 1.5, 2018/02/15 00:58:05 version 1.6, 2018/02/24 01:33:44
Line 21  If that is completed, then we can also a Line 21  If that is completed, then we can also a
 Currently kernels with options PAX_MPROTECT can not execute dynamically linked binaries on most RISC architectures, because the PLT format defined by the ABI of these architectures uses self-modifying code. New binutils versions have introduced a different PLT format (enabled with --secureplt) for alpha and powerpc.  Currently kernels with options PAX_MPROTECT can not execute dynamically linked binaries on most RISC architectures, because the PLT format defined by the ABI of these architectures uses self-modifying code. New binutils versions have introduced a different PLT format (enabled with --secureplt) for alpha and powerpc.
   
   
   
 Milestones:  Milestones:
   
 * For all architectures we can improve security by implementing [relro](http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html).  * For all architectures we can improve security by implementing [relro](http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html).
 * Once this is done, we can improve security for the RISC architectures by adding support for the new PLT formats introduced in binutils 2.17 and gcc4.1 This will require changes to the dynamic loader (ld.elf_so), various assembly headers, and library files.  * Once this is done, we can improve security for the RISC architectures by adding support for the new PLT formats introduced in binutils 2.17 and gcc4.1 This will require changes to the dynamic loader (ld.elf_so), various assembly headers, and library files.
 * Support for both the old and new formats in the same invocation will be required.  * Support for both the old and new formats in the same invocation will be required.
   
   Status:
   * Added support to the dynamic loader (ld.elf_so) to handle protecting the GNU relro section.
   * Enabled partial RELRO by default on x86.
   
 """  """
 ]]  ]]

Removed from v.1.5  
changed lines
  Added in v.1.6


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb