MacOS Catalina 上的 ld64 segprot 不起作用? [英] ld64 segprot on MacOS Catalina not working?

问题描述

我想在 MacOS Catalina(64 位)上创建一个具有可执行数据段的二进制文件(参见 此处 了解详情)但从一开始就无法执行.

I want to create a binary on MacOS Catalina (64 bit) with a data segment that can be made executable (see here for details) but is not executable from the start.

我用

gcc -nostdlib -segprot __DATA rwx rw- .... 

我还用gcc创建了一个目标文件，然后直接调用了ld.ld 版本是

I also created an object file with gcc and then called ld directly. The ld version is

$ ld -v
@(#)PROGRAM:ld  PROJECT:ld64-530
BUILD 18:57:17 Dec 13 2019
configured to support archs: armv6 armv7 armv7s arm64 arm64e arm64_32 i386 x86_64 x86_64h armv6m armv7k armv7m armv7em
LTO support using: LLVM version 11.0.0, (clang-1100.0.33.17) (static support for 23, runtime is 23)
TAPI support using: Apple TAPI version 11.0.0 (tapi-1100.0.11)

那应该使数据段最初是 RW，但允许我使用 mprotect 将该段中的权限扩展到 RWX.

That should make the data segment initially RW, but allow me to use mprotect to extend permission in that segment to RWX.

但是，我注意到 __DATA 段是 RW 的初始和最大权限:

However, I notice that the __DATA segment is RW for initial and max permission:

$ otool -l jonesforth
.
.
.
Load command 2
      cmd LC_SEGMENT_64
  cmdsize 312
  segname __DATA
   vmaddr 0x0000000100001000
   vmsize 0x0000000000024000
  fileoff 4096
 filesize 4096
  maxprot 0x00000003
 initprot 0x00000003
   nsects 3
    flags 0x0
Section
.
.
.

有什么我遗漏的吗?达尔文文档这里 说:

Is there something I'm missing? The darwin documentation here says:

-segprot name max init (32-bit only)

              Specifies the maximum and initial virtual memory  protection  of
              the  named segment, name, to be max and init ,respectively.  The
              values for max and init are any combination  of  the  characters
              `r'  (for  read), `w' (for write), `x' (for execute) and '-' (no
              access).  The default is `rwx' for the  maximum  protection  for
              all segments for PowerPC architecures and `rw` for the all Intel
              architecures.  The default for the initial  protection  for  all
              segments  is  `rw'  unless  the segment contains a section which
              contains some machine instructions, in which  case  the  default
              for  the initial protection is `rwx' (and for Intel architecures
              it also sets the maximum protection to `rwx' in this case).  The
              default for the initial protection for the ``__TEXT'' segment is
              `rx' (not writable).

当然，那是达尔文(仅限 32 位)文档，但这是我发现的唯一内容.我怀疑 gcc 没有正确"支持 darwin 保护语法，或者它已损坏，或者 darwin 中的内容从 x86 更改为 x64.

Of course, that the darwin (32 bit only) documentation but it's the only thing I found. I suspect that either gcc does not 'properly' support the darwin protection syntax, or it's broken, or things in darwin changed from x86 to x64.

任何指针都会很棒，提前致谢.

Any pointers would be great, thanks in advance.

推荐答案

是的，3 月 18 日确实发生了一些事情:

Yes, something did happen on March 18:

Apple 提交了更改 这使得 ld 始终为非 i386 架构设置 maxprot = initprot，因此包括 x64，即 Catalina.不清楚这是否是故意的，它与 ld 联机帮助页不一致.

Apple committed a change that makes ld always set maxprot = initprot for non-i386 architectures, so including x64, ie Catalina. It's unclear whether this was intentional, it's at odds with the ld manpage.

一种解决方法当然是在 initprot 中为整个段设置所需的保护级别.如果想要更细粒度的控制，可以将所需的数据/代码移动到一个单独的段中.

One workaround is of course to set the desired protection level for the entire segment in initprot. One can probably move the desired data/code into a separate segment if one wants to have finer grained control.

另一种解决方法，感谢 Darfink 的评论:您还可以更改链接器或修改所需的 maxprotld 运行后.Darfink 指出他的 ld64 包装器python 脚本，自动执行此操作.

Another workaround, thanks to the comment from Darfink: One can also change the linker or modify the desired maxprot after ld runs. Darfink pointed out his ld64 wrapper, a python script, to automate this.

这篇关于MacOS Catalina 上的 ld64 segprot 不起作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！