- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The documentation Intel_SGX_Developer_Reference_Linux_2.13.3 suggests:
You are also encouraged to help harden your enclaves, by passing one of the following options to the linker, to put read-only non-executable sections in your own segment:
ld.gold --rosegment
or,
-Wl,-fuse-ld=gold –Wl,--rosegment
Why is it better to use ld.gold?
Wikipedia says:
Fedora has moved gold from binutils into its own package due to concerns it is suffering from bitrot after Google's interest has moved to LLVM.[6]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello David,
Read-only non-executable memory segments help prevent buffer overflow and other memory attacks. Attackers cannot write to or execute code in these memory segments. ld.gold has also been reported to be a faster linker than ld. I recommend doing a web search on this topic for more information.
Sincerely,
Jesus G.
Intel Customer Support
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello shmoo,
I am working with engineering on getting clarification on why they recommend using ld.gold. I apologize for the delay.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello shmoo,
I apologize for the delay. I will reply to this thread as soon as I have an answer.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello shmoo,
ld.gold is recommended only because it further enforces readonly non-executable segments. It is not necessarily better than ld.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jesus,
Thank you for asking the engineering team!
What does it mean, that it further enforces read-only non-executable segments?
Sincerely,
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello David,
Read-only non-executable memory segments help prevent buffer overflow and other memory attacks. Attackers cannot write to or execute code in these memory segments. ld.gold has also been reported to be a faster linker than ld. I recommend doing a web search on this topic for more information.
Sincerely,
Jesus G.
Intel Customer Support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page