This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: Mathias Payer <mathias dot payer at nebelwelt dot net>
- Cc: binutils at sourceware dot org, libc-alpha at sourceware dot org, Xinyang Ge <xxg113 at cse dot psu dot edu>, Trent Jaeger <tjaeger at cse dot psu dot edu>
- Date: Fri, 23 Dec 2016 19:00:41 +0100
- Subject: Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
- Authentication-results: sourceware.org; auth=none
- References: <ec97c532-6576-8eec-05b0-1c206293b1b0@nebelwelt.net>
I would like to point out that the reporters followed a responsible
disclosure process, and I asked them to report this publicly. My
reasoning was this: We are talking about a post-exploitation
countermeasure (RELRO) whose effectiveness is reduced, and there is
some amount of cross-project, cross-architecture coordination needed
here, which makes bug fixing in secret extremely inefficient.