This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)

From: Florian Weimer <fweimer at redhat dot com>
To: Mathias Payer <mathias dot payer at nebelwelt dot net>, Alan Modra <amodra at gmail dot com>
Cc: binutils at sourceware dot org, libc-alpha at sourceware dot org, Xinyang Ge <xxg113 at cse dot psu dot edu>, Trent Jaeger <tjaeger at cse dot psu dot edu>
Date: Fri, 23 Dec 2016 20:02:22 +0100
Subject: Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
Authentication-results: sourceware.org; auth=none
References: <ec97c532-6576-8eec-05b0-1c206293b1b0@nebelwelt.net> <5bb116b9-2633-bb9d-bd93-edece2fc56ec@redhat.com> <20161223143554.GG2896@bubble.grove.modra.org> <b4ef9e7d-0c69-e08c-cd08-b4033835b999@nebelwelt.net> <b0462cbd-5322-c7ab-66bb-d9f46a0991b2@redhat.com> <A492920E-0B50-400F-B3FA-0A142364018F@nebelwelt.net>

On 12/23/2016 07:32 PM, Mathias Payer wrote:



On December 23, 2016 7:18:29 PM GMT+01:00, Florian Weimer <fweimer@redhat.com> wrote:

On 12/23/2016 07:04 PM, Mathias Payer wrote:

At the linker level you likely don't know if the referenced symbol is

RO

or not (as it could come from any object) -- only the runtime loader

has

this knowledge and at that time it is too late as PIE uses relative
addressing inside the object.


The static linker necessarily sees a definition, otherwise it cannot
produce a copy relocation because copy relocations must refer to
objects
of known size.


Agreed. The static linker knows about the symbol and size but not the permission. That information is discarded after compilation.

That's not quite true. At least in the vtable case, the vtable isemitted in the .data.rel.ro section, and this information is definitelyavailable to the static linker.


For your class A, the compiler emits the following vtable:

        .weak   _ZTV1A
        .section        .data.rel.ro._ZTV1A,"awG",@progbits,_ZTV1A,comdat
        .align 8
        .type   _ZTV1A, @object
        .size   _ZTV1A, 24
_ZTV1A:
        .quad   0
        .quad   _ZTI1A
        .quad   _ZN1A2a1Ev

And the static linker, when producing a DSO, puts that into the.data.rel.ro section. (Otherwise, using -fPIC wouldn't server as aworkaround.)


Thanks,
Florian

Follow-Ups:
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Alan Modra
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer

References:
- Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Florian Weimer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Alan Modra
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Florian Weimer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]