[RFC 3/5] elf: Add support to memory sealing
Mike Hommey
mh@glandium.org
Fri Jun 28 05:58:52 GMT 2024
On Fri, Jun 28, 2024 at 07:51:05AM +0200, Florian Weimer wrote:
> * Mike Hommey:
>
> > I just realized this can't work. For some reason I had the impression
> > the mseal was applied to the RELRO segment, but it's over the entire
> > library, which makes sense, in hindsight. The problem is that if we
> > remove RELRO, then... we can't even reapply it afterwards because of the
> > mseal, leaving us with a writable data section.
> > But if we disable mseal, we only get to disable it for everything, not
> > only our libs! (and only if we re-exec with GLIBC_TUNABLES set?)
>
> We can introduce a flag in a dynamic tag at the same time we implement
> mseal. The flag would isntruct the dynamic linker to skip mseal. It's
> going to be some time until link editors know about the flag, but that
> doesn't matter in your case because you have a custom linker anyway,
> more or less.
That would be the most useful, thank you. Are you thinking about some
DT_FLAGS/DT_FLAGS_1, or some other (new) tag?
Mike
More information about the Libc-alpha
mailing list