This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)

From: Mathias Payer <mathias dot payer at nebelwelt dot net>
To: Florian Weimer <fweimer at redhat dot com>, Alan Modra <amodra at gmail dot com>
Cc: binutils at sourceware dot org, libc-alpha at sourceware dot org, Xinyang Ge <xxg113 at cse dot psu dot edu>, Trent Jaeger <tjaeger at cse dot psu dot edu>
Date: Sat, 24 Dec 2016 15:28:02 +0100
Subject: Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
Authentication-results: sourceware.org; auth=none
References: <ec97c532-6576-8eec-05b0-1c206293b1b0@nebelwelt.net> <5bb116b9-2633-bb9d-bd93-edece2fc56ec@redhat.com> <20161223143554.GG2896@bubble.grove.modra.org> <b4ef9e7d-0c69-e08c-cd08-b4033835b999@nebelwelt.net> <b0462cbd-5322-c7ab-66bb-d9f46a0991b2@redhat.com> <A492920E-0B50-400F-B3FA-0A142364018F@nebelwelt.net> <1f4b9a13-3d00-9782-1190-23dc6eb0d804@redhat.com>

>>> The static linker necessarily sees a definition, otherwise it cannot
>>> produce a copy relocation because copy relocations must refer to
>>> objects of known size.
>>
>> Agreed. The static linker knows about the symbol and size but not the
>> permission. That information is discarded after compilation.
> 
> That's not quite true.  At least in the vtable case, the vtable is
> emitted in the .data.rel.ro section, and this information is definitely
> available to the static linker.

(If the linker validates the information from the referenced
library/object.)

> For your class A, the compiler emits the following vtable:
> 
>         .weak   _ZTV1A
>         .section        .data.rel.ro._ZTV1A,"awG",@progbits,_ZTV1A,comdat
>         .align 8
>         .type   _ZTV1A, @object
>         .size   _ZTV1A, 24
> _ZTV1A:
>         .quad   0
>         .quad   _ZTI1A
>         .quad   _ZN1A2a1Ev
> 
> And the static linker, when producing a DSO, puts that into the
> .data.rel.ro section.  (Otherwise, using -fPIC wouldn't server as a
> workaround.)


With format strings it may not work out as well. The original string is
in rodata. Let's assume the executable uses an "extern char str". The
string is then copy relocated to the BSS section in the executable.

---
  .file "test.c"
  .globl  str
  .section  .rodata
  .align 32
  .type str, @object
  .size str, 41
str:
  .string "We expect to print a decimal number: %d\n"
  .text
  .globl  externprint
  .type externprint, @function
externprint:
...
#  (call to printf)
---

When linking the main executable, the linker would have to check the
section information of the library and then infer the permissions of
that section to carry those over. Instead of copying the str into the
BSS section at runtime, the str would have to be allocated in a ro section.

Thanks,
Mathias

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Alan Modra

References:
- Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Florian Weimer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Alan Modra
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Florian Weimer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Mathias Payer
- Re: Read-only data in ELF libraries may be remapped writable at runtime (upcoming NDSS'17 paper)
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]