Re: Flag for late RELRO application

public inbox for gnu-gabi@sourceware.org
 help / color / mirror / Atom feed

From: Carlos O'Donell <carlos@redhat.com>
To: Florian Weimer <fweimer@redhat.com>, gnu-gabi@sourceware.org
Subject: Re: Flag for late RELRO application
Date: Mon, 01 Jan 2018 00:00:00 -0000	[thread overview]
Message-ID: <7a4054dc-561c-544f-b3d5-4f06580e10dc@redhat.com> (raw)
In-Reply-To: <0140c64d-ceef-070e-a8f5-95a930984800@redhat.com>

On 06/11/2018 07:23 AM, Florian Weimer wrote:
> I would like to add a flag to gABI (visible in the dynamic section)
> which indicates that the loader shall apply RELRO protection only
> after running the ELF constructors from DT_INIT and DT_INIT_ARRAY.

I assume that means also after DT_PREINIT_ARRAY?

Should the semantics be worded in such a way as to simply say that
all constructors have finished running?

That could be a lot of code running without RELRO protections.

> This would allow applications to allocate a mapping and store a
> pointer to it in permanently read-only memory.  On the mapping
> itself, the application can set the protection flags (and keys) as
> needed.

Wouldn't it be safer to have some kind of second "type" of RELRO
for these particular uses?

This way we don't mix what is effectively early RELRO with late
RELRO?

I know that it's easier to just defer RELRO (all the existing
machinery is already in place for it), but I'm wondering if that
won't worsen the protection in substantial ways.

For example how would an application mark a pointer as read-only
but also write to it? If you have to markup existing code with
attributes to get this to work, you might as well collect them
into a special section and use a 'late RELRO' flag for it,
extending the existing RELRO framework.

Just a thought.

Cheers,
Carlos.

next prev parent reply	other threads:[~2018-06-11 16:29 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-01  0:00 Florian Weimer
2018-01-01  0:00 ` Cary Coutant
2018-01-01  0:00   ` Florian Weimer
2018-01-01  0:00 ` Carlos O'Donell [this message]
2018-01-01  0:00   ` Florian Weimer
2018-01-01  0:00     ` Carlos O'Donell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7a4054dc-561c-544f-b3d5-4f06580e10dc@redhat.com \
    --to=carlos@redhat.com \
    --cc=fweimer@redhat.com \
    --cc=gnu-gabi@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).