Encoding page size in the ELF header

Florian Weimer fweimer@redhat.com
Mon Sep 28 11:55:00 GMT 2015


On 09/27/2015 07:41 PM, Rich Felker wrote:

> There are several clean solutions, like putting the data in its own
> .so or allocating it at runtime with mmap rather than using static
> storage. But these all may defeat the intended security benefits since
> then you have to rely on a pointer to the data that's located
> somewhere that may be writable. The safest is probably the
> separate-.so approach with a pointer to it in const .data where it can
> be protected by relro.

I'm not sure if that solves anything.  I don't think it's possible in
general just to set the .data section of a DSO to PROT_READ because the
implementation may have stored helper variables there which need
updating.  What am I missing?  I think the DSO has the same issues as
the main program.

-- 
Florian Weimer / Red Hat Product Security
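
An added example, not part of the original message or of glibc: the "allocate it at runtime with mmap" option from the quoted text, with the page size queried at run time and write permission dropped afterwards. The names seal_copy and write_faults are hypothetical, and a POSIX system with MAP_ANONYMOUS is assumed.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy src into fresh anonymous pages sized from the run-time page size,
 * then drop write permission. Returns NULL on failure. */
void *seal_copy(const void *src, size_t len, size_t *mapped_len)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        return NULL;
    size_t page = (size_t)ps;
    size_t n = ((len ? len : 1) + page - 1) / page * page;
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p, src, len);
    if (mprotect(p, n, PROT_READ) != 0) {
        munmap(p, n);
        return NULL;
    }
    *mapped_len = n;
    return p;
}

/* Probe in a child process: returns 1 if a store to p does not complete. */
int write_faults(void *p)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        *(volatile char *)p = 'X';   /* expected to fault in the child */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    static const char sample[] = "constructed sample data";
    size_t n = 0;
    /* This pointer is itself writable: the residual exposure the quoted text notes. */
    char *sealed = seal_copy(sample, sizeof sample, &n);
    printf("mapped=%zu write_faults=%d\n", n, sealed ? write_faults(sealed) : -1);
    return sealed ? 0 : 1;
}
```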


