linux ELF section and header access permission

Question

In my understanding, ELF header is for program execution view. section is for linker's view.

but linux command 'readelf' shows that there are memory access permission flag for each section (AWX) and each header (RWE).

the book say's more than one of section is merged into single header. what happens if when linker merges more than one section into single header and each section has different access permission flags??

and what is the relationship between access permission in /proc/[pid]/maps such as

root@declspec-desktop:/tmp# cat /proc/1951/maps
004a5000-005f8000 r-xp 00000000 08:01 511     /lib/tls/i686/cmov/libc-2.11.1.so
005f8000-005fa000 r--p 00153000 08:01 511     /lib/tls/i686/cmov/libc-2.11.1.so
005fa000-005fb000 rw-p 00155000 08:01 511     /lib/tls/i686/cmov/libc-2.11.1.so

and access permission in section and header??

how does these permissions (in /proc/[pid]/maps) determined?

Answer 1

As per my understanding for your example above, permissions in /proc//maps are the permissions associated with different sections. For example, in the above snippet, entry with permissions - 'r-xp' gives the address of .text segment (location where code is present.) For this reason, if you check, it does not contain 'w' permission as we are not supposed to write new code in an executing binary. So, in your above example -

004a5000-005f8000 r-xp 00000000 08:01 511     /lib/tls/i686/cmov/libc-2.11.1.so - TEXT AREA which contains executable code

005f8000-005fa000 r--p 00153000 08:01 511     /lib/tls/i686/cmov/libc-2.11.1.so - Area that contains read only variables or constants (.rodata data)

005fa000-005fb000 rw-p 00155000 08:01 511     /lib/tls/i686/cmov/libc-2.11.1.so - Area where we have variables used by program i.e. (.data)

Sorry, i could not follow your other question. Can you please elaborate? Also, which book are you talking about?

Answer 2

My understanding is that the program header (or segment) contains the bitwise-or of the permissions of the sections which were merged into it. So in your example if a RW- section was merged with a R-- section into one segment, it would end up being RW-. To avoid this you would arrange to have them in unique segments.

If you had a '.hello' section (which is indeed possible!) then it's entry in the memory map depends on which segment contains it. The permissions would be at least as strict as the sections, but may be looser, if there are also other sections with additional permissions in the same segment.

But to me - it's not clear why anyone is talking about how a 'section' ends up in an 'executable'. As OP mentions, sections are for linking, and segments are for loading. It's fine to have an ELF with no sections and still load and run properly. /proc/map lines only correspond to the segment table