[PATCH v3 00/32] RELRO linkmaps

Florian Weimer fweimer@redhat.com
Mon Mar 11 17:24:12 GMT 2024


* Adhemerval Zanella Netto:

> On 07/12/23 07:56, Florian Weimer wrote:
>> * Andreas Schwab:
>> 
>>> Can you please provide a summary?
>> 
>> The original cover letter is quite elaborate:
>> 
>>   <https://inbox.sourceware.org/libc-alpha/cover.1688499219.git.fweimer@redhat.com/>
>> 
>> Please let me know if you need something else.
>
> Also could you describe with more details the possible attack that targets
> l_info[DT_FINI] and l_info[DT_FINI_ARRAY]?  I would like to understand
> better the attack vector mainly because this patchset re-adds a potential
> startup failure (the _dl_protmem_bootstrap) now that we just removed it
> from tunable initialization.

I think this has some details:

  Nightmare: One Byte to ROP // Alternate Solution
  <https://github.com/LMS57/Nightmare-Writeup>

I'm not sure if the first write-up that was shared with me is public.

Thanks,
Florian


