Fwd: LLVM collaboration?

Joseph S. Myers joseph@codesourcery.com
Wed Feb 12 16:19:00 GMT 2014

On Wed, 12 Feb 2014, Richard Biener wrote:

> What about instead of our current odd way of identifying LTO objects
> simply add a special ELF note telling the linker the plugin to use?
> .note._linker_plugin '/...../libltoplugin.so'
> that way the linker should try 1) loading that plugin, 2) register the
> specific object with that plugin.

Unless this is only allowed for a whitelist of known-good plugins in 
known-good directories, it's a clear security hole for the linker to 
execute code in arbitrary files named by linker input.  The linker should 
be safe to run on untrusted input files.

Joseph S. Myers

More information about the Gcc mailing list