This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64


On Tue, Aug 11, 2015 at 2:39 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> On Tue, Aug 11, 2015 at 2:21 PM, Sriraman Tallam <tmsriram@google.com> wrote:
>> Details here:
>> https://sourceware.org/bugzilla/show_bug.cgi?id=18801
>>
>> Thanks to Paul Pluzhnikov for identifying the problem and suggesting the fix.
>
> I'll note that this will cause any TEXTREL binary to fail under
> SELinux config that prohibits "W+E" permissions. But I think there are
> few such binaries.
>
> It's either
> - make TEXTREL binary not run under SELinux, or
> - make them run, but crash mysteriously if they have a called IFUNC
> resolver in them (or are linked with '-z,now').

How about

1. Change ld to disallow TEXTREL with IFUNC and without "-z now".  Or
2. Change ld to set DT_BIND_NOW if there is TEXTREL with
IFUNC.  Or
3. Update ld to set a new DT_XXXX if there is TEXTREL with IFUNC and
ld.so will call mprotect with PROT_EXEC only if there is DT_XXXX.

My preference is #1, #2, #3.


-- 
H.J.
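
An added example, not part of the original message and not glibc or binutils code: a Python check that reports whether a little-endian ELF64 file carries the combination option 1 above would have ld reject (TEXTREL together with an IFUNC and no BIND_NOW). It assumes section headers are present; `sections`, `records`, `audit` and `build_sample` are illustrative names, and `build_sample` produces a constructed minimal image rather than a real binary.

```python
import struct
# Constants from the ELF gABI, the GNU extensions and the x86-64 psABI.
SHT_SYMTAB, SHT_RELA, SHT_DYNAMIC, SHT_DYNSYM = 2, 4, 6, 11
DT_TEXTREL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 22, 24, 30, 0x6FFFFFFB
DF_TEXTREL, DF_BIND_NOW, DF_1_NOW = 0x4, 0x8, 0x1
STT_GNU_IFUNC, R_X86_64_IRELATIVE = 10, 37

def sections(elf):
    """Yield (sh_type, contents) for every section of a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    for i in range(shnum):
        _, sh_type, _, _, off, size = struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize)
        yield sh_type, elf[off:off + size]

def records(fmt, data):
    """Unpack fixed-size records, ignoring a trailing partial one."""
    n = struct.calcsize(fmt)
    return struct.iter_unpack(fmt, data[:len(data) // n * n])

def audit(elf):
    """Report TEXTREL, IFUNC and BIND_NOW, the three facts the options above turn on."""
    textrel = ifunc = now = False
    for sh_type, data in sections(elf):
        if sh_type == SHT_DYNAMIC:
            for tag, val in records("<qQ", data):
                if tag == 0:  # DT_NULL ends the array
                    break
                textrel |= tag == DT_TEXTREL or (tag == DT_FLAGS and bool(val & DF_TEXTREL))
                now |= (tag == DT_BIND_NOW or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                        or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
        elif sh_type in (SHT_SYMTAB, SHT_DYNSYM):  # symbol type is the low nibble of st_info
            ifunc |= any((s[1] & 0xF) == STT_GNU_IFUNC for s in records("<IBBHQQ", data))
        elif sh_type == SHT_RELA:  # local IFUNCs in stripped files show up only as IRELATIVE
            ifunc |= any((r[1] & 0xFFFFFFFF) == R_X86_64_IRELATIVE for r in records("<QQq", data))
    return {"textrel": textrel, "ifunc": ifunc, "bind_now": now,
            "option1_rejects": textrel and ifunc and not now}

def build_sample(dyn, sym_type):
    """Constructed image: ELF header, .dynamic, two-entry .dynsym, three section headers."""
    dynamic = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(0, 0)])
    symtab = bytes(24) + struct.pack("<IBBHQQ", 1, 0x10 | sym_type, 0, 1, 0x1000, 8)
    sh = lambda typ, off, size: struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, 0, 0, 8, 0)
    shdrs = sh(0, 0, 0) + sh(SHT_DYNAMIC, 64, len(dynamic)) + sh(SHT_DYNSYM, 64 + len(dynamic), len(symtab))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 64 + len(dynamic) + len(symtab), 0, 64, 0, 0, 64, 3, 0)
    return ehdr + dynamic + symtab + shdrs
```

On a real file, pass its bytes: `audit(open(path, "rb").read())`. The check treats DT_BIND_NOW, DF_BIND_NOW and DF_1_NOW alike as "-z now".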

