This is the mail archive of the
mailing list for the binutils project.
Re: [PATCH] i386: Remove PLT0 and use non-lazy PLT if PLT0 is unused
On 05/07/2017 01:00 PM, H.J. Lu wrote:
> On Sat, May 6, 2017 at 11:55 AM, Florian Weimer <email@example.com> wrote:
>> On 05/06/2017 05:11 PM, H.J. Lu wrote:
>>> 1. Call external function.
>>> 2. Call internal IFUNC function. The best implementation is selected
>>> for the target processor at run-time.
>>> 3. Act as the canonical function address.
>> Audit support is missing from this list. Audit support needs a PLT stub
>> which calls the audit trampoline with some sort of function index or
> This behavior disables LD_AUDIT support with -z now, in addition to
> export LD_BIND_NOW=1
> or compiling with -fno-plt. Also should LD_AUDIT work on external
> calls inside shared objects linked with -z now?
Yes IMO, LD_AUDIT + -z now should force the GOT entries to remain forever
resolved to the stub PLT entry in a read-only mapping. This however means
keeping around the PLT entries, which is what you're trying to remove, but
shouldn't without an additional optimization flag.
>> I'm concerned that -z now in recent binutils (even without this patch)
>> removes audit support, when before, audit support was not impacted by -z now
>> (I think, I'm not sure on this point).
>> We really must avoid hardening flags which have profound semantic
>> implications on generated binaries because it discourages people from
>> enabling them.
> The impacts for removing PLT0 with -z now are
> 1. LD_AUDIT no longer works.
This is bad. I know of lots of users that are going to be unhappy if we
continue to remove LD_AUDIT support. For now it works in their own applications,
but I'd like to see LD_AUDIT work with -z now.
> 1. Make the run-time behavior the same with "export LD_BIND_NOW=1".
Yes, but it's not a strong enough argument.
> 2. Disable LD_AUDIT to further improve security.
LD_LIBRARY_PATH is already just as dangerous, so is LD_PRELOAD.
And secure processes already ignore LD_AUDIT.
> I can add a new "-z audit" option to enable LD_AUDIT as much as
> possible, including
Why does an existing working feature need a new option?
Why not add a "-z noplt" like gcc has "-fnoplt" and make both options work
together to optimize away the lazy call sequence aspects of the binaries?
We could _also_ add a "-z audit" which is just there to force an error
if mixed with "-z noplt"
> extern void foo (void);
> void *
> foo_p ()
> foo ();
> return foo;