binutils: Add security patches #22272

Open: wants to merge 1 commit into base: master
Commits on Nov 2, 2024

  1. binutils: Add security patches

    Before this commit, the `.CRT` section (which contains pointers to image TLS
    callbacks) and the `.idata` section (which contains `__imp_` pointers to
    dllimport functions) that had been created by the GNU linker were writeable.
    
    As these pointers to functions are essential for programs to be functional,
    they could be exploited to inject malicious code, like the well-known IFUNC
    backdoor in XZ Utils. The Microsoft linker does not create these sections as
    writeable; instead, they seem to be merged into `.rdata` and are not
    modifiable, unless unprotected.
    
    LLD also does the same, suggesting these sections be merged into `.rdata`:
    https://github.com/llvm/llvm-project/blob/ebeb56af5f8f1ff9da8f5a7e98348f460d223de1/lld/COFF/Driver.cpp#L2034-L2048
    
    This commit includes the following countermeasures:
    
    1. Patch 3005 ensures the final `.CRT` and `.idata` sections (if any) will
       not be writeable in the final image.
    2. Patch 3006 merges known sub-sections of `.CRT`, as well as `.ctors` and
       `.dtors` (which were merged into `.text` instead), into `.rdata`.
       Merging `.idata` into `.rdata` seems to prevent dllimport from working,
       so there's still an `.idata` section in the final image.
       See also: https://stackoverflow.com/questions/22651433/pe-idata-section
    
    Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=32264
    Signed-off-by: LIU Hao <[email protected]>
    lhmouse committed Nov 2, 2024
    48a098b
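
A way to check a linked image for the condition the commit message describes, as an added example that is not part of this PR or of the binutils patches: it walks the PE section table and reports `.CRT` or `.idata` sections that carry `IMAGE_SCN_MEM_WRITE`. The function names and the two header-only sample images are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_WRITE = 0x80000000
WATCHED = {".CRT", ".idata"}  # the sections named in the commit message

def writable_pointer_sections(image: bytes) -> list[str]:
    """Return the watched sections whose characteristics include MEM_WRITE."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsects, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size  # section table follows the optional header
    flagged = []
    for i in range(nsects):
        hdr = image[table + 40 * i: table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", hdr, 36)  # Characteristics field
        if name in WATCHED and flags & IMAGE_SCN_MEM_WRITE:
            flagged.append(name)
    return flagged

def make_sample(sections):
    """Constructed header-only image: DOS header, PE signature, COFF header,
    section table. There is no optional header and no section data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    table = b"".join(
        name.encode().ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
        for name, flags in sections)
    return dos + b"PE\0\0" + coff + table

R, W = 0x40000040, 0xC0000040  # initialized data, readable; W adds MEM_WRITE
# Constructed layouts: writeable .idata/.CRT, then the layout the commit describes
# (.CRT merged into .rdata, .idata kept but read-only).
BEFORE = make_sample([(".text", 0x60000020), (".data", W), (".idata", W), (".CRT", W)])
AFTER = make_sample([(".text", 0x60000020), (".data", W), (".rdata", R), (".idata", R)])

if __name__ == "__main__":
    print("before:", writable_pointer_sections(BEFORE))
    print("after: ", writable_pointer_sections(AFTER))
```

To audit a real binary, pass the file's bytes to `writable_pointer_sections`; an empty list means neither section is mapped writeable.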