This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT
- From: Florian Weimer <fweimer at redhat dot com>
- To: Szabolcs Nagy <Szabolcs dot Nagy at arm dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, nd <nd at arm dot com>, Sudakshina Das <Sudi dot Das at arm dot com>
- Date: Fri, 21 Jun 2019 11:12:41 +0200
- Subject: Re: [PATCH 0/2] aarch64: Enable pointer auth in PLT
- References: <5ec73433-43c3-5e7a-62cb-a3b203cf41c5@arm.com>
* Szabolcs Nagy:
> Pointer authentication is an armv8.3-a extension and it can be used
> to harden PLTGOT entries when that is not read-only protected.
>
> binutils bfd linker now supports creating binaries with -z pac-plt
> and then PLT entries authenticate the pointers loaded from PLTGOT.
>
> To support such binaries the glibc dynamic linker has to "sign" the
> pointers in the PLTGOT. On cpus without pointer authentication support,
> both the sign and authentication operations are nops, so such binaries
> may appear to work now, but on a new cpu they will crash without glibc
> support.
I think you need to enable this feature in a different way, similar to
the non-executable stack. Otherwise, people will have to decide whether
they want to build portable binaries or binaries with security
hardening, which is not desirable.
Thanks,
Florian