From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 34905 invoked by alias); 24 Jun 2018 21:05:49 -0000 Mailing-List: contact gnu-gabi-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: gnu-gabi-owner@sourceware.org Received: (qmail 34844 invoked by uid 89); 24 Jun 2018 21:05:48 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.4 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:831 X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: mail-ua0-f170.google.com Received: from mail-ua0-f170.google.com (HELO mail-ua0-f170.google.com) (209.85.217.170) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 24 Jun 2018 21:05:46 +0000 Received: by mail-ua0-f170.google.com with SMTP id 59-v6so7379960uas.5 for ; Sun, 24 Jun 2018 14:05:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=PXNS00y5KGq4kdbSlu6kfk1qIUz8WsaO8Uys6jQYm1g=; b=E3z1b7m9S+MF59TBoon139m7JDpulVbo1IVROwcEt27wiB1iG0aCt2zHFEtjP0B7R9 ZUOHXA4OSIb2r2tvvZ1f0zgMRLr/s0DPRZ8y8Nrdq64f3jHFOencnsWrYOrN5HWigyg9 jUqb+qfxk/vCfAlrgNdXLiQAgUtZaRtkep2YTXOXMGP34ZT+2v+PNV4kr9orqG58oGkj /T6XLoD4Rg24R9Tlxm7tHzWywZO94hO8+XqnWhXEwlrmTsEikCoDSKGPfKWPTWU/mKvH 301y54hSil0ypxriLxRzoV0L/YA7Q9tfCpASzo3JSSG3r0MRRWdwQNnkS/uPTTJNS7NF EWBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=PXNS00y5KGq4kdbSlu6kfk1qIUz8WsaO8Uys6jQYm1g=; b=fU2bPanC1nGGCQUi/vy9UgMjndbl9QmJ8DxENuCRgHWOeJ4vHM0+ZttlQ8plhAxN2d 4vAUdXgF+YBtQJMjjHlCuiaAZpBfK9kDcrug43hi84vhimfdEV/honVd5rMWl8ocW6nN BtjQMwwufpR6U1rPjLgEG9iMnWFVKnrYx1CiLmU/fMmFJuUu6v+DfjQOkGGZ/Mwuno8+ av84pBV4JVIYWmpsYZowmeXOQuAc5FVgeDz1juNLld4NhiHdSxrg2tzLdRcy1XiliIEW mt0Ws8v1XdpW8XFZlxMPI+GABieQUthIVvvs81KK8E+DbaCf9OKA8OZyzWaONMkipB5K +cRg== X-Gm-Message-State: APt69E3+GX+PKPhbuu96559fnMH+XEjkPPgP/hgQJZ2wlL0tWAx6dEDA 9JbsrC08TQS5wu28/KWFmPSk3FfzrixIjAVxWiM= X-Google-Smtp-Source: ADUXVKI0r6QXmLixzf8u3OsBym2dyTnG0DUgiFcLCTQzQE+rkJU0D+vZqI6/vhta+qq9a6T8ifz7x0Oxvb4kkrdlu2Q= X-Received: by 2002:ab0:1723:: with SMTP id j35-v6mr6386628uaf.154.1529874343672; Sun, 24 Jun 2018 14:05:43 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a67:d90a:0:0:0:0:0 with HTTP; Sun, 24 Jun 2018 14:05:42 -0700 (PDT) In-Reply-To: References: <87sh5hadd6.fsf@redhat.com> <83d583d0-884e-4208-436e-5b25cbb6ce5a@redhat.com> From: Cary Coutant Date: Mon, 01 Jan 2018 00:00:00 -0000 Message-ID: Subject: Re: RFA: Add a new gynamic tag: DT_GNU_GOT_PLT_END To: Florian Weimer Cc: Nick Clifton , gnu-gabi@sourceware.org, "H.J. Lu" Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2018-q2/txt/msg00011.txt.bz2 >> That leads me to another question: How would this be different from -z >> relro -z now? It looks to me like a binary with such a PLT GOT would >> be nothing more than a -z relro -z now binary where nothing but the >> .got.plt section ends up as RELRO. So why not just use the >> PT_GNU_RELRO program header for this? > > It doesn't disable lazy binding, so there is no visible semantic difference > in symbol binding. > > With page isolation, we can use pkey_mprotect to assign a protection key to > the .got.plt and only make it readable while _dl_fixup is running. That > would provide most of the security benefits of BIND_NOW+RELRO, without > disabling lazy binding. OK, so it's a variant of RELRO. I'd prefer using a new program header type, PT_GNU_PLTGOT, then. -cary