This is the mail archive of the mailing list for the binutils project.
Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
> Thanks for the pointer to the email thread. From the conversation, it
> seemed possible that the DSO and the executable can have two different
> views of certain variables (presumably due to variable duplication/copy
> relocation). We have considered this possibility before but found
> that as long as the DSO uses the GOT to access its exported variables,
> the situation will not occur.
> Do you have more details on how this situation occurred in practice?
That would have been the case when the linker would (incorrectly, IMO)
make a copy relocation for a protected symbol, but the compiler would
use a direct reference to the local copy of the variable in the shared
library (legal because it knew the symbol was not pre-emptable). GCC
was patched (also incorrectly, IMO) to always use an indirect
reference for protected symbols, but other compilers (e.g., LLVM,
vendor compilers) were not, so it was still possible for the main
program to reference its copy-relocated copy of the variable, while a
shared library referenced its original copy. With a mixture of
compilers, it's even possible for the shared library to reference both
copies from separate places.
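As an added example (not from this thread, binutils, or any of the compilers mentioned), here is a small Python check for the situation described above: it parses an executable's `.rela.dyn`, `.dynsym` and `.dynstr` together with a DSO's `.dynsym` and `.dynstr`, assuming the x86-64 little-endian `Elf64_Rela`/`Elf64_Sym` layout, and reports symbols that are copy-relocated into the executable while being marked protected in the DSO. The section bytes below are constructed inline, not taken from a real binary.

```python
import struct

R_X86_64_COPY = 5    # relocation type that copies a DSO variable into the executable
STV_PROTECTED = 3    # symbol visibility value, kept in the low two bits of st_other

def _name(dynstr: bytes, st_name: int) -> str:
    # NUL-terminated string at offset st_name in .dynstr
    return dynstr[st_name:dynstr.index(b"\0", st_name)].decode()

def parse_dynsym(dynsym: bytes, dynstr: bytes) -> dict:
    """Map symbol name -> visibility for each 24-byte Elf64_Sym (index 0 is the null symbol)."""
    syms = {}
    for off in range(0, len(dynsym), 24):
        st_name, st_info, st_other, st_shndx, st_value, st_size = struct.unpack_from("<IBBHQQ", dynsym, off)
        name = _name(dynstr, st_name)
        if name:
            syms[name] = st_other & 0x3
    return syms

def copy_relocated_symbols(rela: bytes, dynsym: bytes, dynstr: bytes) -> list:
    """Names of symbols the executable resolves through R_X86_64_COPY (24-byte Elf64_Rela)."""
    names = []
    for off in range(0, len(rela), 24):
        r_offset, r_info, r_addend = struct.unpack_from("<QQq", rela, off)
        if r_info & 0xFFFFFFFF == R_X86_64_COPY:           # low 32 bits: type, high 32: symbol index
            st_name = struct.unpack_from("<I", dynsym, (r_info >> 32) * 24)[0]
            names.append(_name(dynstr, st_name))
    return names

def find_duplicated_protected(exe_rela, exe_dynsym, exe_dynstr, dso_dynsym, dso_dynstr) -> list:
    """Symbols copy-relocated in the executable but protected in the DSO: the executable
    and the DSO can then address two different copies of the same variable."""
    dso_vis = parse_dynsym(dso_dynsym, dso_dynstr)
    return [n for n in copy_relocated_symbols(exe_rela, exe_dynsym, exe_dynstr)
            if dso_vis.get(n) == STV_PROTECTED]

def _sym(st_name, vis, value=0, size=8):
    # constructed Elf64_Sym: STB_GLOBAL | STT_OBJECT, arbitrary section index
    return struct.pack("<IBBHQQ", st_name, 0x11, vis, 1, value, size)

# Constructed sample: the DSO exports "counter" (protected) and "limit" (default visibility);
# the executable copy-relocates both into its own .bss.
DSO_DYNSTR = b"\0counter\0limit\0"
DSO_DYNSYM = _sym(0, 0) + _sym(1, STV_PROTECTED) + _sym(9, 0)
EXE_DYNSTR = DSO_DYNSTR
EXE_DYNSYM = _sym(0, 0) + _sym(1, 0, 0x404000) + _sym(9, 0, 0x404008)
EXE_RELA = (struct.pack("<QQq", 0x404000, (1 << 32) | R_X86_64_COPY, 0)
            + struct.pack("<QQq", 0x404008, (2 << 32) | R_X86_64_COPY, 0))

if __name__ == "__main__":
    print(find_duplicated_protected(EXE_RELA, EXE_DYNSYM, EXE_DYNSTR, DSO_DYNSYM, DSO_DYNSTR))
```

On real binaries the same information is visible with `readelf -r` (look for `R_X86_64_COPY` entries) and `readelf --dyn-syms` on the DSO (the `Vis` column); the functions above accept the raw section bytes.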