On 28 Jan 2016 at 0:30, Alessandro Di Federico wrote:

> Hi, as you might know, global read-only data (e.g. the .rodata section)
> usually ends up in the same segment as .text. This means that .rodata
> contains potentially executable data, which is always useful for an
> attacker looking for ROP gadgets.
>
> However, the gold linker has a nice option (--rosegment) to split
> .rodata and .text into distinct segments, so that read-only data is not
> executable.
>
> So: why don't we enable it in Gentoo hardened?
because it's a useless security measure. for a non-executable .rodata section to make any sense, the following condition would have to hold: a bug (or set of bugs) is exploitable if and only if .rodata is executable. nobody has ever shown that there exists such a bug (or set of bugs) and in fact there's ample evidence that already executable code contains all the necessary gadgets an exploit would need. on the other hand breaking .rodata out into its own PT_LOAD segment will waste disk space, kernel memory, virtual address space, slow down vma lookup time, etc, for exactly zero gain in security. why bother?
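As an added example (not code from either poster), a minimal Python check of the property under discussion: it parses an ELF64 image's program and section headers and reports whether .rodata is mapped by an executable PT_LOAD segment, which is what --rosegment changes. The build_elf helper is a constructed, non-loadable image used only as sample input; pass a path on the command line to check a real binary.

```python
import struct
import sys

PT_LOAD, PF_X, PF_R = 1, 0x1, 0x4
SHF_ALLOC, SHF_EXECINSTR = 0x2, 0x4
PHDR, SHDR = "<IIQQQQQQ", "<IIQQQQIIQQ"  # Elf64_Phdr / Elf64_Shdr, little-endian

def rodata_executable(elf):
    """Map each .rodata* section to whether the PT_LOAD segment that maps it is executable."""
    if elf[:5] != b"\x7fELF\x02" or elf[5] != 1:
        raise ValueError("only little-endian ELF64 is handled")
    phoff, shoff, _, _, phentsize, phnum, shentsize, shnum, shstrndx = struct.unpack_from("<QQIHHHHHH", elf, 32)
    loads = []  # (start vaddr, end vaddr, p_flags) of every PT_LOAD
    for i in range(phnum):
        p_type, p_flags, _, vaddr, _, _, memsz, _ = struct.unpack_from(PHDR, elf, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((vaddr, vaddr + memsz, p_flags))
    shdrs = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
    names = shdrs[shstrndx][4]  # file offset of .shstrtab
    result = {}
    for sh_name, _, sh_flags, addr, _, size, *_ in shdrs:
        name = elf[names + sh_name:elf.index(b"\0", names + sh_name)].decode()
        if name.startswith(".rodata") and sh_flags & SHF_ALLOC:
            for lo, hi, p_flags in loads:
                if lo <= addr and addr + size <= hi:
                    result[name] = bool(p_flags & PF_X)
    return result

def build_elf(rosegment):
    """Constructed, non-loadable ELF64: .text at 0x1000 and .rodata at 0x2000 share one R+X PT_LOAD (False) or .rodata gets its own R-only PT_LOAD (True)."""
    shstrtab = b"\0.text\0.rodata\0.shstrtab\0"
    if rosegment:
        phdrs = [(PT_LOAD, PF_R | PF_X, 0, 0x1000, 0x1000, 0x100, 0x100, 0x1000),
                 (PT_LOAD, PF_R, 0, 0x2000, 0x2000, 0x100, 0x100, 0x1000)]
    else:
        phdrs = [(PT_LOAD, PF_R | PF_X, 0, 0x1000, 0x1000, 0x1100, 0x1100, 0x1000)]
    phoff, shstr_off = 64, 64 + 56 * len(phdrs)
    shoff = shstr_off + len(shstrtab)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0x1000, phoff, shoff, 0, 64, 56, len(phdrs), 64, 4, 3)
    shdrs = [struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
             struct.pack(SHDR, 1, 1, SHF_ALLOC | SHF_EXECINSTR, 0x1000, 0, 0x100, 0, 0, 16, 0),
             struct.pack(SHDR, 7, 1, SHF_ALLOC, 0x2000, 0, 0x100, 0, 0, 16, 0),
             struct.pack(SHDR, 15, 3, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)]
    return ehdr + b"".join(struct.pack(PHDR, *p) for p in phdrs) + shstrtab + b"".join(shdrs)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_elf(rosegment=False)
    for name, executable in rodata_executable(data).items():
        print(f"{name}: {'executable (shares an R+X segment)' if executable else 'not executable'}")
```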