This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] elf: Refuse to dlopen PIE objects [BZ #24323]

On 4/29/19 5:35 PM, Florian Weimer wrote:
* Carlos O'Donell:

     ifeq (yes,$(build-shared))
   # NB: Please keep cet-built-dso in sysdeps/x86/Makefile in sync with
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 2bbef81b6e..9b0c1406c9 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -1158,6 +1158,10 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
   	goto call_lose;
   +    /* dlopen of an executable is not valid because it is not
+       to perform proper relocations and run the ELF constructors.
+       For PIE, the check needs the dynamic section, so there is
+       another check below.  */

Suggest you mention exactly which relocations are the problem.
I assume it's COPY relocs into the main executable which can't be
done twice, because both execs will want to reference their own
copy. Likewise the problem with ELF constructors should be expanded
with more details.

I assume that static TLS is also negatively impacted.  TLS variables
from the dlopen'ed PIE binary and the real main program will probably

Absolutely. They will both use constant offsets from TP and that will
be directly encoded in the program code with no way to change it.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]