Encoding page size in the ELF header
Florian Weimer
fweimer@redhat.com
Mon Sep 28 11:55:00 GMT 2015
On 09/27/2015 07:41 PM, Rich Felker wrote:
> There are several clean solutions, like putting the data in its own
> .so or allocating it at runtime with mmap rather than using static
> storage. But these all may defeat the intended security benefits since
> then you have to rely on a pointer to the data that's located
> somewhere that may be writable. The safest is probably the
> separate-.so approach with a pointer to it in const .data where it can
> be protected by relro.
I'm not sure if that solves anything. I don't think it's possible in
general just to set the .data section of a DSO to PROT_READ because the
implementation may have stored helper variables there which need
updating. What am I missing? I think the DSO has the same issues as
the main program.
--
Florian Weimer / Red Hat Product Security
More information about the Libc-alpha
mailing list