This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Encoding page size in the ELF header

From: Rich Felker <dalias at libc dot org>
To: Florian Weimer <fweimer at redhat dot com>
Cc: "Frank Ch. Eigler" <fche at redhat dot com>, Andreas Schwab <schwab at linux-m68k dot org>, Carlos O'Donell <carlos at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Mon, 28 Sep 2015 10:13:26 -0400
Subject: Re: Encoding page size in the ELF header
Authentication-results: sourceware.org; auth=none
References: <56059DD4 dot 1080908 at redhat dot com> <5605A084 dot 4010501 at redhat dot com> <y0mtwqgwz9f dot fsf at fche dot csb> <20150927052523 dot GP17773 at brightrain dot aerifal dot cx> <m2si60tf6e dot fsf at linux-m68k dot org> <5607B0B2 dot 2010906 at redhat dot com> <20150927171224 dot GT17773 at brightrain dot aerifal dot cx> <20150927172456 dot GA10701 at redhat dot com> <20150927174100 dot GU17773 at brightrain dot aerifal dot cx> <56092AA3 dot 2000004 at redhat dot com>

On Mon, Sep 28, 2015 at 01:55:15PM +0200, Florian Weimer wrote:
> On 09/27/2015 07:41 PM, Rich Felker wrote:
> 
> > There are several clean solutions, like putting the data in its own
> > .so or allocating it at runtime with mmap rather than using static
> > storage. But these all may defeat the intended security benefits since
> > then you have to rely on a pointer to the data that's located
> > somewhere that may be writable. The safest is probably the
> > separate-.so approach with a pointer to it in const .data where it can
> > be protected by relro.
> 
> I'm not sure if that solves anything.  I don't think it's possible in
> general just to set the .data section of a DSO to PROT_READ because the
> implementation may have stored helper variables there which need
> updating.  What am I missing?  I think the DSO has the same issues as
> the main program.

The .data.relro section, where const data that can't be in .rodata
because it contains initialized pointers that require relocation goes,
is arranged by the linker to be in its own page(s) so it ldso will
mprotect it read-only at load time.

Rich

References:
- Re: Encoding page size in the ELF header
  - From: Carlos O'Donell
- Re: Encoding page size in the ELF header
  - From: Florian Weimer
- Re: Encoding page size in the ELF header
  - From: Frank Ch. Eigler
- Re: Encoding page size in the ELF header
  - From: Rich Felker
- Re: Encoding page size in the ELF header
  - From: Andreas Schwab
- Re: Encoding page size in the ELF header
  - From: Florian Weimer
- Re: Encoding page size in the ELF header
  - From: Rich Felker
- Re: Encoding page size in the ELF header
  - From: Frank Ch. Eigler
- Re: Encoding page size in the ELF header
  - From: Rich Felker
- Re: Encoding page size in the ELF header
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]