On Wed, 12 Feb 2014, Richard Biener wrote: > What about instead of our current odd way of identifying LTO objects > simply add a special ELF note telling the linker the plugin to use? > > .note._linker_plugin '/...../libltoplugin.so' > > that way the linker should try 1) loading that plugin, 2) register the > specific object with that plugin.
Unless this is only allowed for a whitelist of known-good plugins in known-good directories, it's a clear security hole for the linker to execute code in arbitrary files named by linker input. The linker should be safe to run on untrusted input files. -- Joseph S. Myers jos...@codesourcery.com
