Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LNX.2.20.13.2103311745100.2351@monopod.intra.ispras.ru>
Date: Wed, 31 Mar 2021 17:51:26 +0300 (MSK)
From: Alexander Monakov <amonakov@...ras.ru>
To: musl@...ts.openwall.com
Subject: Re: RELRO vs deferred binding

On Wed, 31 Mar 2021, Rich Felker wrote:

> Thanks for raising this. I think deferred binding needs to be updated
> either to ignore RELRO if there are outstanding relocations (possibly
> deferring it until they are all resolved)

This seems undesirable as it leaves GOT unprotected for the rest of
run time if unresolved relocations remain.

> or to unprotect and
> reprotect on every incremental link. (This could be optimized out and
> preserve some further safety by scanning the outstanding relocation
> table and skipping the unprotect/reprotect if none of them lie in the
> RELRO range.)

Even better might be to do relocation normally and lazily unprotect RELRO
on first relocation that needs that, then reprotect once done with that DSO.
(i.e. without doing an additional scan, like your parenthesized statement
seems to suggest)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.