This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Paul Pluzhnikov <ppluzhnikov at google dot com>
- Cc: Sriraman Tallam <tmsriram at google dot com>, GLIBC Devel <libc-alpha at sourceware dot org>, Ian Lance Taylor <iant at google dot com>, David Li <davidxl at google dot com>
- Date: Tue, 11 Aug 2015 15:01:43 -0700
- Subject: Re: [PATCH] [PR libc/18801] PIE binary with STT_GNU_IFUNC symbol and TEXTREL segfaults on x86_64
On Tue, Aug 11, 2015 at 2:39 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> On Tue, Aug 11, 2015 at 2:21 PM, Sriraman Tallam <tmsriram@google.com> wrote:
>> Details here:
>> https://sourceware.org/bugzilla/show_bug.cgi?id=18801
>>
>> Thanks to Paul Pluzhnikov for identifying the problem and suggesting the fix.
>
> I'll note that this will cause any TEXTREL binary to fail under
> SELinux config that prohibits "W+E" permissions. But I think there are
> few such binaries.
>
> It's either
> - make TEXTREL binary not run under SELinux, or
> - make them run, but crash mysteriously if they have a called IFUNC
> resolver in them (or are linked with '-z,now').

How about

1. Change ld to disallow TEXTREL with IFUNC and without "-z now". Or
2. Change ld to set DT_BIND_NOW if there is TEXTREL with IFUNC. Or
3. Update ld to set a new DT_XXXX if there is TEXTREL with IFUNC and
   ld.so will call mprotect with PROT_EXEC only if there is DT_XXXX.

My preference is #1, #2, #3.

--
H.J.
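
Added example, not part of the message above and not glibc or binutils code: a check for the combination option 1 would have ld reject (TEXTREL with IFUNC and without "-z now"), run against an already-linked x86_64 binary. It assumes the caller has extracted the raw little-endian .dynamic and .rela.* section bytes, and it treats an R_X86_64_IRELATIVE relocation as the sign of IFUNC use; the function names and sample data are made up for illustration.

```python
import struct

# Tag and flag values from the ELF gABI / x86-64 psABI.
DT_NULL, DT_TEXTREL, DT_BIND_NOW, DT_FLAGS = 0, 22, 24, 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_TEXTREL, DF_BIND_NOW, DF_1_NOW = 0x4, 0x8, 0x1
R_X86_64_RELATIVE, R_X86_64_IRELATIVE = 8, 37

def dynamic_flags(dynamic):
    """Return (has_textrel, bind_now) from raw Elf64_Dyn entries."""
    textrel = bind_now = False
    for off in range(0, len(dynamic) - 15, 16):
        tag, val = struct.unpack_from("<qQ", dynamic, off)
        if tag == DT_NULL:          # end of the dynamic array
            break
        if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
            textrel = True
        if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
            bind_now = True
    return textrel, bind_now

def has_irelative(rela):
    """True if any Elf64_Rela entry has type R_X86_64_IRELATIVE."""
    return any(
        struct.unpack_from("<QQq", rela, off)[1] & 0xFFFFFFFF == R_X86_64_IRELATIVE
        for off in range(0, len(rela) - 23, 24)
    )

def violates_option_1(dynamic, rela):
    """TEXTREL together with IFUNC (assumed: IRELATIVE) and no BIND_NOW."""
    textrel, bind_now = dynamic_flags(dynamic)
    return textrel and has_irelative(rela) and not bind_now

# Constructed sample sections, not taken from a real binary.
def dyn(*entries):
    return b"".join(struct.pack("<qQ", tag, val) for tag, val in entries)

def rel(*types):
    return b"".join(struct.pack("<QQq", 0x1000, t, 0) for t in types)

LAZY_TEXTREL = dyn((DT_TEXTREL, 0), (DT_NULL, 0))
NOW_TEXTREL = dyn((DT_FLAGS, DF_TEXTREL | DF_BIND_NOW), (DT_NULL, 0))
RELOCS = rel(R_X86_64_RELATIVE, R_X86_64_IRELATIVE)
```

violates_option_1(LAZY_TEXTREL, RELOCS) is true and violates_option_1(NOW_TEXTREL, RELOCS) is false, since the second sample carries DF_BIND_NOW.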