From: Florian Weimer <fweimer@redhat.com>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: Generic System V Application Binary Interface
<generic-abi@googlegroups.com>,
gnu-gabi@sourceware.org
Subject: Re: RFC: Audit external function called indirectly via GOT
Date: Mon, 01 Jan 2018 00:00:00 -0000
Message-ID: <e6935942-f8d6-3193-3e91-343715be5c5d@redhat.com>
In-Reply-To: <CAMe9rOq3_U_T88+j8teyGRrrFoHWbvS=D+hHSBHZ01gQTWy=Hw@mail.gmail.com>
On 03/20/2018 05:52 PM, H.J. Lu wrote:
> On Mon, Mar 19, 2018 at 1:21 AM, Florian Weimer <fweimer@redhat.com> wrote:
>> On 03/17/2018 02:31 PM, H.J. Lu wrote:
>>>
>>> Auditing of external function calls and their return values relies on
>>> lazy binding with PLT. When external functions are called indirectly
>>> via GOT without using PLT, auditing stops working.
>>>
>>> Here is a proposal to support auditing of external functions called
>>> indirectly via GOT:
>>>
>>> 1. Add optional dynamic tags:
>>>
>>> #define DT_GNU_PLT 0x6ffffef4 /* Address of PLT section */
>>> #define DT_GNU_PLTSZ 0x6ffffdf1 /* Size of PLT section */
>>> #define DT_GNU_PLTENT 0x6ffffdf2 /* Size of one PLT entry */
>>> #define DT_GNU_PLT0SZ 0x6ffffdf3 /* Size of the first PLT entry */
>>> #define DT_GNU_PLTGOTSZ 0x6ffffdf4 /* Size of PLTGOT section */
>>>
>>> and update DT_FLAGS_1 with:
>>>
>>> #define DF_1_JMPRELIGN 0x10000000 /* DT_JMPREL can be ignored */
>>>
>>> 2. Linker creates PLT entries for auditing external function calls via
>>> GOT and sets DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ and
>>> DT_GNU_PLTGOTSZ. If PLT isn't required for lazy binding, set the
>>> DF_1_JMPRELIGN bit in DT_FLAGS_1.
>>
>>
>> Could we ship a template for the PLT entries in ld.so instead? And if
>> needed, map it from the file together with an address array, like this?
>
> This won't work since the linker needs to know the exact PLT layout to generate
> JUMP_SLOT relocations for LD_AUDIT.
I don't see why it would need JUMP_SLOT relocations if it simply
auto-generates PLT stub equivalents and installs them in GLOB_DAT
relocations.
Anyway, going back to the larger question of what we need here.
I used this as a test case for audit support with BIND_NOW:
latrace /bin/true --help
Most of Fedora is compiled with BIND_NOW. Fedora 26 does not print
latrace messages (the problem I mentioned earlier), Fedora 27 works
(yay), Fedora 28 crashes (meh).
So depending on which side Fedora 28+ falls, I think your approach might
be viable. I expect that a future binutils version would do this by
default, and beyond the additional dynamic section tags, new PLT stubs
would only be created for no-plt functions because current binutils is
supposed to generate PLT entries again (after they went missing for -z
now binaries for some time).
Thanks,
Florian
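As an added example (not code from this thread, nor from binutils or glibc), the following Python checker reads the dynamic section of a little-endian ELF64 file and reports whether the binary is BIND_NOW and whether it carries the DT_GNU_PLT* tags and DF_1_JMPRELIGN bit from H.J. Lu's proposal above, using the tag values as proposed. The "call_audit_expected" verdict is a simplified heuristic of the thread's premise (lazy PLT binding audits fine, BIND_NOW without PLT stubs does not unless the new tags are present); it does not inspect whether a -z now binary still has PLT entries, and build_elf only constructs sample input.

```python
import struct

# Dynamic tags and the DT_FLAGS_1 bit proposed in this thread (not part of any released ABI).
DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT = 0x6ffffef4, 0x6ffffdf1, 0x6ffffdf2
DT_GNU_PLT0SZ, DT_GNU_PLTGOTSZ, DF_1_JMPRELIGN = 0x6ffffdf3, 0x6ffffdf4, 0x10000000
# Standard gABI tags/bits used to detect BIND_NOW (-z now) binaries.
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6ffffffb
DF_BIND_NOW, DF_1_NOW, SHT_DYNAMIC = 0x8, 0x1, 6
PROPOSED_PLT_TAGS = (DT_GNU_PLT, DT_GNU_PLTSZ, DT_GNU_PLTENT, DT_GNU_PLT0SZ, DT_GNU_PLTGOTSZ)

def dynamic_entries(elf: bytes):
    """Return (tag, value) pairs from the first SHT_DYNAMIC section of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    e_shoff, = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3a)
    for i in range(e_shnum):
        off = e_shoff + i * e_shentsize
        sh_type, = struct.unpack_from("<I", elf, off + 4)
        if sh_type != SHT_DYNAMIC:
            continue
        sh_offset, sh_size = struct.unpack_from("<QQ", elf, off + 0x18)
        entries = []
        for pos in range(sh_offset, sh_offset + sh_size, 16):
            tag, val = struct.unpack_from("<qQ", elf, pos)
            if tag == DT_NULL:
                break
            entries.append((tag, val))
        return entries
    return []

def audit_report(entries):
    """Heuristic from the thread: lazy binding audits via PLT; BIND_NOW needs the proposed tags."""
    d = dict(entries)
    bind_now = (DT_BIND_NOW in d or bool(d.get(DT_FLAGS, 0) & DF_BIND_NOW)
                or bool(d.get(DT_FLAGS_1, 0) & DF_1_NOW))
    has_plt_tags = all(t in d for t in PROPOSED_PLT_TAGS)
    return {"bind_now": bind_now, "gnu_plt_tags": has_plt_tags,
            "jmprel_ignorable": bool(d.get(DT_FLAGS_1, 0) & DF_1_JMPRELIGN),
            "call_audit_expected": has_plt_tags or not bind_now}

def build_elf(entries):
    """Constructed test input: a minimal ELF64 whose only real section is .dynamic."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in entries) + struct.pack("<qQ", DT_NULL, 0)
    shoff = 64 + len(dyn)
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 2, 0)
    dyn_sh = struct.pack("<IIQQQQIIQQ", 0, SHT_DYNAMIC, 0, 0, 64, len(dyn), 0, 0, 8, 16)
    return ehdr + dyn + bytes(64) + dyn_sh   # bytes(64) is the mandatory null section header
```

To run it on a real binary, pass `open(path, "rb").read()` to `dynamic_entries` and feed the result to `audit_report`.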