This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT

From: Florian Weimer <fweimer at redhat dot com>
To: Szabolcs Nagy <Szabolcs dot Nagy at arm dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>, nd <nd at arm dot com>, Sudakshina Das <Sudi dot Das at arm dot com>
Date: Fri, 21 Jun 2019 11:12:41 +0200
Subject: Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT
References: <5ec73433-43c3-5e7a-62cb-a3b203cf41c5@arm.com>

* Szabolcs Nagy:

> Pointer authentication is an armv8.3-a extension and it can be used
> to harden PLTGOT entries when that is not read-only protected.
>
> binutils bfd linker now supports creating binaries with -z pac-plt
> and then PLT entries authenticate the pointers loaded from PLTGOT.
>
> To support such binaries the glibc dynamic linker has to "sign" the
> pointers in the PLTGOT. On cpus without pointer authentication support,
> both the sign and authentication operations are nops, so such binaries
> may appear to work now, but on a new cpu they will crash without glibc
> support.

I think you need to enable this feature in a different way, similar to
the non-executable stack.  Otherwise, people will have to decide whether
they want to build portable binaries or binaries with security
hardening, which is not desirable.

Thanks,
Florian

Follow-Ups:
- Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT
  - From: Szabolcs Nagy

References:
- [PATCH 0/2] aarch64: Enable pointer auth in PLT
  - From: Szabolcs Nagy

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]