This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: Sriraman Tallam <tmsriram at google dot com>, GLIBC Devel <libc-alpha at sourceware dot org>, Ian Lance Taylor <iant at google dot com>, David Li <davidxl at google dot com>
- Date: Tue, 11 Aug 2015 15:31:51 -0700
- Subject: Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
- Authentication-results: sourceware.org; auth=none
- References: <CAAs8Hmy32PV1z0D7So6TEzFosCyJNUB_yco_6SYi=tKHUpBMQg at mail dot gmail dot com> <CALoOobNX0PaUHjydC1rCr8qeRbmVZj76mZnC6DdbOLwGPnhAGQ at mail dot gmail dot com> <CAMe9rOp6EaE-sM7AV5TcUUZPC_qnnmLE6yDVtTyFazXnAHU7fw at mail dot gmail dot com> <CALoOobNU2cLioa-nM7qYpRS0oEYw5XoP1QgiLHyF25h5C6S7sg at mail dot gmail dot com>
On Tue, Aug 11, 2015 at 3:19 PM, Paul Pluzhnikov <email@example.com> wrote:
> On Tue, Aug 11, 2015 at 3:01 PM, H.J. Lu <firstname.lastname@example.org> wrote:
>> On Tue, Aug 11, 2015 at 2:39 PM, Paul Pluzhnikov <email@example.com> wrote:
>>> It's either
>>> - make TEXTREL binaries not run under SELinux, or
>>> - make them run, but crash mysteriously if they have a called IFUNC
>>> resolver in them (or are linked with '-z,now').
>> How about
>> 1. Change ld to disallow TEXTREL with IFUNC and without "-z now".
> That would still fail under SELinux, wouldn't it?
> Are you proposing also changing SELinux policy to allow "W+E" if
> DF_BIND_NOW is set?
No. I am proposing that the linker issues an error if there is TEXTREL
with IFUNC unless "-z now" is used, assuming that this doesn't
require changes to ld.so or SELinux.
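
The rule proposed above (TEXTREL together with IFUNC is only acceptable when binding is immediate) can also be applied as an audit over binaries that are already built. The following is an added example, not part of the original message and not code from ld or glibc: it checks raw `.dynamic` and symbol-table bytes of an ELF64 little-endian object. The function names and sample sections are constructed for illustration, and IFUNCs that appear only as IRELATIVE relocations, with no symbol, are not detected.

```python
import struct

# ELF constants (values from the ELF gABI and GNU extensions).
DT_NULL, DT_TEXTREL, DT_BIND_NOW, DT_FLAGS = 0, 22, 24, 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_TEXTREL, DF_BIND_NOW, DF_1_NOW = 0x4, 0x8, 0x1
STT_GNU_IFUNC = 10

DYN = struct.Struct("<qQ")      # Elf64_Dyn: d_tag, d_un
SYM = struct.Struct("<IBBHQQ")  # Elf64_Sym: name, info, other, shndx, value, size


def dynamic_flags(dynamic: bytes):
    """Return (has_textrel, bind_now) from raw .dynamic section bytes."""
    textrel = bind_now = False
    for off in range(0, len(dynamic) - DYN.size + 1, DYN.size):
        tag, val = DYN.unpack_from(dynamic, off)
        if tag == DT_NULL:  # end of the dynamic array
            break
        textrel |= tag == DT_TEXTREL or (tag == DT_FLAGS and bool(val & DF_TEXTREL))
        bind_now |= (tag == DT_BIND_NOW
                     or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                     or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    return textrel, bind_now


def has_ifunc(symtab: bytes) -> bool:
    """True if any Elf64_Sym entry has type STT_GNU_IFUNC (st_info & 0xf)."""
    return any(SYM.unpack_from(symtab, off)[1] & 0xF == STT_GNU_IFUNC
               for off in range(0, len(symtab) - SYM.size + 1, SYM.size))


def violates_rule(dynamic: bytes, symtab: bytes) -> bool:
    """Proposed rule: TEXTREL together with IFUNC requires immediate binding."""
    textrel, bind_now = dynamic_flags(dynamic)
    return textrel and has_ifunc(symtab) and not bind_now


# Constructed sample sections (not taken from a real binary).
def make_dynamic(*entries):
    return b"".join(DYN.pack(t, v) for t, v in entries) + DYN.pack(DT_NULL, 0)

FUNC_SYM = SYM.pack(9, (1 << 4) | 2, 0, 12, 0x1010, 16)               # STT_FUNC
IFUNC_SYM = SYM.pack(1, (1 << 4) | STT_GNU_IFUNC, 0, 12, 0x1000, 16)  # STT_GNU_IFUNC
SYMTAB = SYM.pack(0, 0, 0, 0, 0, 0) + FUNC_SYM + IFUNC_SYM
LAZY_TEXTREL = make_dynamic((DT_TEXTREL, 0), (DT_FLAGS, DF_TEXTREL))
NOW_TEXTREL = make_dynamic((DT_TEXTREL, 0), (DT_FLAGS, DF_TEXTREL | DF_BIND_NOW))
```

On a real file, the two byte strings would come from the `.dynamic` section and from `.symtab` or `.dynsym`.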