Fwd: LLVM collaboration?

Joseph S. Myers joseph@codesourcery.com
Wed Feb 12 16:19:00 GMT 2014


On Wed, 12 Feb 2014, Richard Biener wrote:

> What about instead of our current odd way of identifying LTO objects
> simply add a special ELF note telling the linker the plugin to use?
> 
> .note._linker_plugin '/...../libltoplugin.so'
> 
> that way the linker should try 1) loading that plugin, 2) register the
> specific object with that plugin.

Unless this is only allowed for a whitelist of known-good plugins in 
known-good directories, it's a clear security hole for the linker to 
execute code in arbitrary files named by linker input.  The linker should 
be safe to run on untrusted input files.

-- 
Joseph S. Myers
joseph@codesourcery.com



More information about the Gcc mailing list