public inbox for gnu-gabi@sourceware.org
From: "H.J. Lu" <hjl.tools@gmail.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: Generic System V Application Binary Interface
	<generic-abi@googlegroups.com>,
	gnu-gabi@sourceware.org
Subject: Re: RFC: Audit external function called indirectly via GOT
Date: Mon, 01 Jan 2018 00:00:00 -0000
Message-ID: <CAMe9rOq3_U_T88+j8teyGRrrFoHWbvS=D+hHSBHZ01gQTWy=Hw@mail.gmail.com>
In-Reply-To: <ba9013ec-7c77-9a3d-d474-3f5f4670d093@redhat.com>

On Mon, Mar 19, 2018 at 1:21 AM, Florian Weimer <fweimer@redhat.com> wrote:
> On 03/17/2018 02:31 PM, H.J. Lu wrote:
>>
>> Auditing of external function calls and their return values relies on
>> lazy binding with PLT.  When external functions are called indirectly
>> via GOT without using PLT, auditing stops working.
>>
>> Here is a proposal to support auditing of external functions called
>> indirectly via GOT:
>>
>> 1. Add optional dynamic tags:
>>
>>   #define DT_GNU_PLT     0x6ffffef4  /* Address of PLT section  */
>>   #define DT_GNU_PLTSZ   0x6ffffdf1  /* Size of PLT section  */
>>   #define DT_GNU_PLTENT  0x6ffffdf2  /* Size of one PLT entry  */
>>   #define DT_GNU_PLT0SZ  0x6ffffdf3  /* Size of the first PLT entry  */
>>   #define DT_GNU_PLTGOTSZ 0x6ffffdf4 /* Size of PLTGOT section  */
>>
>> and update DT_FLAGS_1 with:
>>
>>   #define DF_1_JMPRELIGN 0x10000000  /* DT_JMPREL can be ignored  */
>> 2. Linker creates PLT entries for auditing external function calls via
>> GOT and sets DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ and
>> DT_GNU_PLTGOTSZ.  If PLT isn't required for lazy binding, set the
>> DF_1_JMPRELIGN bit in DT_FLAGS_1.
>
>
> Could we ship a template for the PLT entries in ld.so instead?  And if
> needed, map it from the file together with an address array, like this?

This won't work since the linker needs to know the exact PLT layout to generate
JUMP_SLOT relocations for LD_AUDIT.

>   Data page with pointer
>   PLT template from ld.so (loading pointers from the previous page)
>
> This process can be repeated, to obtain as many PLT stubs as needed.
> It's not a real JIT, so SELinux will still be happy.
>
> The data page would probably contain two pointers per PLT entry, not just
> one, so that the reserved PLT entries aren't necessary.
>
>> 3. When auditing is enabled at run-time, the dynamic linker resolves a GLOB_DAT
>> relocation to its corresponding PLT entry by finding the JUMP_SLOT relocation
>> against the same function and using its PLT slot as the function address.
>
>
> This step would stay the same.
>
> I wonder if this would make it possible to restore audit support for
> existing binaries which lack PLT entries today.
>

I don't think so.


-- 
H.J.

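As an added example (not code from this thread, from glibc or from binutils), the check below walks an ELF dynamic section and reports whether LD_AUDIT could see the object's external calls today (DT_JMPREL with a non-zero DT_PLTRELSZ), only under the proposed DT_GNU_PLT* tags plus the JUMP_SLOT relocations that step 3 above looks up, or not at all (GOT-only calls, as produced by -fno-plt). The tag values and the DF_1_JMPRELIGN bit are the ones quoted in the proposal; they exist in no released <elf.h>. That the audit PLT consists of a DT_GNU_PLT0SZ-sized first entry followed by uniform DT_GNU_PLTENT-sized entries is my assumption about the layout, and the three sample dynamic sections are constructed, not taken from real binaries.

```c
/* Added example, not from the thread, glibc or binutils: classify an ELF
 * object's dynamic section by whether LD_AUDIT could hook its external calls.
 * DT_GNU_PLT* / DF_1_JMPRELIGN are the RFC's proposed values (not in <elf.h>). */
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <stddef.h>
#include <stdio.h>

#define DT_GNU_PLT      0x6ffffef4  /* Address of PLT section */
#define DT_GNU_PLTSZ    0x6ffffdf1  /* Size of PLT section */
#define DT_GNU_PLTENT   0x6ffffdf2  /* Size of one PLT entry */
#define DT_GNU_PLT0SZ   0x6ffffdf3  /* Size of the first PLT entry */
#define DT_GNU_PLTGOTSZ 0x6ffffdf4  /* Size of PLTGOT section */
#define DF_1_JMPRELIGN  0x10000000  /* DT_JMPREL can be ignored */

enum audit_class {
    AUDIT_NONE,      /* GOT-only calls, no audit PLT: invisible to la_pltenter/la_pltexit */
    AUDIT_LAZY_PLT,  /* DT_JMPREL + DT_PLTRELSZ: classic PLT-based auditing works */
    AUDIT_GNU_PLT,   /* proposed tags + JUMP_SLOT relocs: ld.so can redirect GLOB_DAT */
};

struct plt_info {
    enum audit_class cls;
    ElfW(Addr) plt;                         /* DT_GNU_PLT */
    size_t pltsz, pltent, plt0sz, pltgotsz; /* DT_GNU_PLT{SZ,ENT,0SZ,GOTSZ} */
    size_t pltrelsz;                        /* DT_PLTRELSZ */
    int jmprel_ignorable;                   /* DF_1_JMPRELIGN set in DT_FLAGS_1 */
};

/* Walk a DT_NULL-terminated dynamic array and classify it. */
struct plt_info scan_dynamic(const ElfW(Dyn) *dyn)
{
    struct plt_info in = {0};
    int have_jmprel = 0, tags = 0;

    for (; dyn->d_tag != DT_NULL; dyn++) {
        switch (dyn->d_tag) {
        case DT_JMPREL:       have_jmprel = 1;                               break;
        case DT_PLTRELSZ:     in.pltrelsz = dyn->d_un.d_val;                 break;
        case DT_FLAGS_1:      in.jmprel_ignorable =
                                  (dyn->d_un.d_val & DF_1_JMPRELIGN) != 0;   break;
        case DT_GNU_PLT:      in.plt = dyn->d_un.d_ptr;        tags |= 1;    break;
        case DT_GNU_PLTSZ:    in.pltsz = dyn->d_un.d_val;      tags |= 2;    break;
        case DT_GNU_PLTENT:   in.pltent = dyn->d_un.d_val;     tags |= 4;    break;
        case DT_GNU_PLT0SZ:   in.plt0sz = dyn->d_un.d_val;     tags |= 8;    break;
        case DT_GNU_PLTGOTSZ: in.pltgotsz = dyn->d_un.d_val;   tags |= 16;   break;
        default: break;
        }
    }
    /* Step 3 of the RFC matches GLOB_DAT against JUMP_SLOT, so DT_JMPREL is still needed. */
    if (tags == 31 && in.pltent != 0 && have_jmprel)
        in.cls = AUDIT_GNU_PLT;
    else if (have_jmprel && in.pltrelsz != 0 && !in.jmprel_ignorable)
        in.cls = AUDIT_LAZY_PLT;
    else
        in.cls = AUDIT_NONE;
    return in;
}

/* Assumed layout (not spelled out in the RFC): PLT0 first, then uniform entries. */
size_t plt_entry_count(const struct plt_info *in)
{
    if (in->cls != AUDIT_GNU_PLT || in->pltsz < in->plt0sz) return 0;
    return (in->pltsz - in->plt0sz) / in->pltent;
}

ElfW(Addr) plt_entry_addr(const struct plt_info *in, size_t i)
{
    return in->plt + in->plt0sz + i * in->pltent;
}

const char *class_name(enum audit_class c)
{
    switch (c) {
    case AUDIT_LAZY_PLT: return "auditable (PLT)";
    case AUDIT_GNU_PLT:  return "auditable (DT_GNU_PLT)";
    default:             return "NOT auditable (GOT-only calls)";
    }
}

/* Constructed sample dynamic sections, not taken from real binaries. */
static const ElfW(Dyn) sample_plt[] = {          /* ordinary -fplt link */
    { .d_tag = DT_PLTGOT,   .d_un.d_ptr = 0x4000 },
    { .d_tag = DT_PLTRELSZ, .d_un.d_val = 3 * sizeof(ElfW(Rela)) },
    { .d_tag = DT_JMPREL,   .d_un.d_ptr = 0x600 },
    { .d_tag = DT_NULL },
};
static const ElfW(Dyn) sample_got_only[] = {     /* -fno-plt: no JUMP_SLOT relocs */
    { .d_tag = DT_PLTGOT,  .d_un.d_ptr = 0x4000 },
    { .d_tag = DT_FLAGS_1, .d_un.d_val = DF_1_NOW },
    { .d_tag = DT_NULL },
};
static const ElfW(Dyn) sample_gnu_plt[] = {      /* -fno-plt plus the RFC's tags */
    { .d_tag = DT_PLTGOT,       .d_un.d_ptr = 0x4000 },
    { .d_tag = DT_PLTRELSZ,     .d_un.d_val = 3 * sizeof(ElfW(Rela)) },
    { .d_tag = DT_JMPREL,       .d_un.d_ptr = 0x600 },
    { .d_tag = DT_FLAGS_1,      .d_un.d_val = DF_1_NOW | DF_1_JMPRELIGN },
    { .d_tag = DT_GNU_PLT,      .d_un.d_ptr = 0x1000 },
    { .d_tag = DT_GNU_PLTSZ,    .d_un.d_val = 16 + 3 * 16 },   /* PLT0 + 3 entries */
    { .d_tag = DT_GNU_PLTENT,   .d_un.d_val = 16 },
    { .d_tag = DT_GNU_PLT0SZ,   .d_un.d_val = 16 },
    { .d_tag = DT_GNU_PLTGOTSZ, .d_un.d_val = (3 + 3) * sizeof(ElfW(Addr)) },
    { .d_tag = DT_NULL },
};

/* Report every object mapped into the running process. */
static int report(struct dl_phdr_info *obj, size_t sz, void *data)
{
    (void)sz; (void)data;
    for (size_t i = 0; i < obj->dlpi_phnum; i++) {
        if (obj->dlpi_phdr[i].p_type != PT_DYNAMIC) continue;
        const ElfW(Dyn) *dyn =
            (const ElfW(Dyn) *)(obj->dlpi_addr + obj->dlpi_phdr[i].p_vaddr);
        struct plt_info in = scan_dynamic(dyn);
        printf("%-32s %s\n", obj->dlpi_name[0] ? obj->dlpi_name : "[main]",
               class_name(in.cls));
    }
    return 0;
}

int main(void)
{
    dl_iterate_phdr(report, NULL);
    return 0;
}
```

Run stand-alone it lists the executable and every loaded shared object with its classification; a -fno-plt build of one of them shows up as "NOT auditable" because it carries DT_PLTGOT but no DT_JMPREL, which is exactly the gap the proposal closes.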
Thread overview: 33+ messages
2018-01-01  0:00 H.J. Lu
2018-01-01  0:00 ` Florian Weimer
2018-01-01  0:00   ` H.J. Lu [this message]
2018-01-01  0:00     ` Florian Weimer
2018-01-01  0:00       ` Carlos O'Donell
2018-01-01  0:00         ` Florian Weimer
2018-01-01  0:00           ` H.J. Lu
2018-01-01  0:00           ` Carlos O'Donell
2018-01-01  0:00             ` Florian Weimer
2018-01-01  0:00               ` H.J. Lu
2018-01-01  0:00                 ` Florian Weimer
2018-01-01  0:00                   ` H.J. Lu
2018-01-01  0:00             ` H.J. Lu
2018-01-01  0:00               ` Carlos O'Donell
2018-01-01  0:00             ` Cary Coutant
2018-01-01  0:00               ` H.J. Lu
2018-01-01  0:00                 ` Cary Coutant
2018-01-01  0:00                   ` H.J. Lu
2018-01-01  0:00                     ` Cary Coutant
2018-01-01  0:00     ` Florian Weimer
2018-01-01  0:00       ` H.J. Lu
2018-01-01  0:00         ` Florian Weimer
2018-01-01  0:00 ` Cary Coutant
2018-01-01  0:00   ` Carlos O'Donell
2018-01-01  0:00     ` Cary Coutant
2018-01-01  0:00       ` H.J. Lu
2018-01-01  0:00         ` Cary Coutant
2018-01-01  0:00           ` Cary Coutant
2018-01-01  0:00           ` H.J. Lu
2018-01-01  0:00       ` Alan Modra
2018-01-01  0:00         ` H.J. Lu
2018-01-01  0:00           ` Alan Modra
2018-01-01  0:00             ` H.J. Lu
