This is the mail archive of the
binutils@sources.redhat.com
mailing list for the binutils project.
Re: Creating .note sections
Ceri Storey <cez at necrofish dot org dot uk> writes:
> On Thu, Apr 24, 2003 at 11:29:15AM +0100, Nick Clifton wrote:
> > But why should you want to create your own segments ? Normally the
> > linker (or objcopy) will take care of this for you.
>
> I'm attempting to create a digital signature based executable
> verification system for NetBSD, like Microsoft's Authenticode.
>
> What I'm doing is creating a signature of all the non-note sections of
> an executable, then writing this back into a PT_NOTE segment of the
> executable, which is then checked by the kernel when the executable is run.
> (Phew).
>
> I could use the section table, but I'd rather avoid any additional
> complexity in kernel space.
>
> Admittedly it's not exactly a pleasant way of doing it..
That's interesting. I assume that the section has a fixed size. That
suggests that you could create the section in some object file, with
zero contents, or you could add it at link time with zero contents.
The linker should create a PT_NOTE segment for each loadable .note
section, so everything should look right. Then you can compute the
signature.
The trick of course is then to put the signature into the file. The
sneaky way is to objdump to get the file offset of the section, and
use some sort of binary editor to put the bytes in place.
Or you could write a --change-section for objcopy, along the lines of
--add-section. For such a section, you would simply change
copy_section() to use the specified contents instead of calling
bfd_get_section-contents().
Ian