This is the mail archive of the mailing list for the glibc project.

Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64

On 11 Aug 2015 17:02, H.J. Lu wrote:
> On Tue, Aug 11, 2015 at 3:57 PM, Sriraman Tallam wrote:
> > On Tue, Aug 11, 2015 at 3:54 PM, H.J. Lu wrote:
> >> On Tue, Aug 11, 2015 at 3:37 PM, Paul Pluzhnikov wrote:
> >>> On Tue, Aug 11, 2015 at 3:31 PM, H.J. Lu wrote:
> >>>
> >>>> No.  I am proposing that linker issues an error if there is TEXTREL
> >>>> with IFUNC unless "-z now" is used, assuming that this doesn't
> >>>> require changes to nor SELinux.
> >>>
> >>> Ah, ok. But that *doesn't* help current crash at all: "-z now" will
> >>> force IFUNC resolver (if any) to be called, and that call will fail
> >>> since we are currently removing execute protections.
> >>> (This is in fact the situation we've discovered the crash in originally.)
> >>
> >> Can you try adding  -Wl,-z,execstack?
> >
> > Yes, making the stack executable will solve the problem.  My test case
> > needed ".note.GNU-stack" specifically for this.
> Given SELinux issue, I don't think we should change  Instead,
> we can change ld to issue an error for TEXTREL with IFUNC and
> suggest -fPIE and  -Wl,-z,execstack as workaround.

i don't see why we should make any change.  it isn't ld's problem that the
restrictive runtime prevents things.  ld already issues a warning when you
have textrels in shared segments, so let's leave it at that.

ftr, the issue you describe is not specific to selinux as other security
systems have been doing this for a long time.  e.g. grsec/PaX.
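
The thread turns on three properties of the linked binary: a TEXTREL flag in the dynamic section, STT_GNU_IFUNC symbols, and whether PT_GNU_STACK marks the stack executable. The following is an added example, not part of the original message or of glibc/binutils: a Python check that reads those three properties from a little-endian ELF64 file. The names `audit_elf64`, `build_sample` and the `thread_case` key are made up here, and the sample image is constructed for the demonstration.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PF_X = 2, 0x6474E551, 1
DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 22, 30, 0x4
SHT_SYMTAB, SHT_DYNSYM, STT_GNU_IFUNC = 2, 11, 10

def audit_elf64(data):
    """Report TEXTREL, IFUNC symbols and stack executability of an ELF64 LE image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    phoff, shoff = struct.unpack_from("<QQ", data, 0x20)
    phentsize, phnum, shentsize, shnum = struct.unpack_from("<HHHH", data, 0x36)
    # exec_stack stays None when there is no PT_GNU_STACK header (platform default)
    rep = {"textrel": False, "ifunc": False, "exec_stack": None}
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, phoff + i * phentsize)
        if p_type == PT_GNU_STACK:
            rep["exec_stack"] = bool(p_flags & PF_X)
        elif p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, 16):  # Elf64_Dyn entries
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == 0:  # DT_NULL terminates the dynamic array
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    rep["textrel"] = True
    for i in range(shnum):
        base = shoff + i * shentsize
        (sh_type,) = struct.unpack_from("<I", data, base + 4)
        sh_off, sh_size = struct.unpack_from("<QQ", data, base + 24)
        if sh_type in (SHT_SYMTAB, SHT_DYNSYM):
            for off in range(sh_off, sh_off + sh_size, 24):  # Elf64_Sym entries
                if data[off + 4] & 0xF == STT_GNU_IFUNC:  # low nibble of st_info
                    rep["ifunc"] = True
    # The combination discussed in the thread: TEXTREL + IFUNC, stack not executable
    rep["thread_case"] = rep["textrel"] and rep["ifunc"] and rep["exec_stack"] is False
    return rep

def build_sample(textrel, ifunc, exec_stack):
    """Constructed minimal ELF64 image (headers and tables only, not loadable)."""
    dyn = (struct.pack("<qQ", DT_FLAGS, DF_TEXTREL) if textrel else b"") + bytes(16)
    info = (1 << 4) | (STT_GNU_IFUNC if ifunc else 2)  # STB_GLOBAL, IFUNC or FUNC
    sym = bytes(24) + struct.pack("<IBBHQQ", 0, info, 0, 1, 0, 0)
    dynoff = 64 + 2 * 56
    symoff, shoff = dynoff + len(dyn), dynoff + len(dyn) + len(sym)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1, 0,
                       64, shoff, 0, 64, 56, 2, 64, 1, 0)
    ph = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dynoff, 0, 0, len(dyn), len(dyn), 8)
    ph += struct.pack("<IIQQQQQQ", PT_GNU_STACK, 6 | (PF_X if exec_stack else 0),
                      0, 0, 0, 0, 0, 16)
    sh = struct.pack("<IIQQQQIIQQ", 0, SHT_DYNSYM, 0, 0, symoff, len(sym), 0, 1, 8, 24)
    return ehdr + ph + dyn + sym + sh
```

On a real file, pass `open(path, "rb").read()` to `audit_elf64`; a stripped binary still carries `.dynsym`, so the IFUNC check only misses symbols that exist solely in a removed `.symtab`.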
