From: Florian Weimer
To: Adhemerval Zanella
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH 5/7] elf: Enable relro for static build
Date: Sun, 01 Dec 2019 09:55:00 -0000

* Adhemerval Zanella:

> The code is similar to the one at rtld.c, where its check for the
> PT_GNU_RELRO header values from program headers and call
> _dl_protected_relro with the updated l_relro_{addr,size} values.

This is not the actual code that does RELRO in most cases, it's only used with prelink.  _dl_relocate_object is what is used.

> diff --git a/elf/dl-support.c b/elf/dl-support.c > index 5526d5ee6e..bdb5c2ae91 100644 > --- a/elf/dl-support.c > +++ b/elf/dl-support.c 
> @@ -367,14 +367,24 @@ _dl_non_dynamic_init (void) > if (_dl_platform != NULL) > _dl_platformlen = strlen (_dl_platform); > > - /* Scan for a program header telling us the stack is nonexecutable. */ > if (_dl_phdr != NULL) > - for (uint_fast16_t i = 0; i < _dl_phnum; ++i) > - if (_dl_phdr[i].p_type == PT_GNU_STACK) > + for (const ElfW(Phdr) *ph = _dl_phdr; ph < &_dl_phdr[_dl_phnum]; ++ph) > + switch (ph->p_type) > { > - _dl_stack_flags = _dl_phdr[i].p_flags; > + /* Check if the stack is nonexecutable. */ > + case PT_GNU_STACK: > + _dl_stack_flags = ph->p_flags; > + break; > + > + case PT_GNU_RELRO: > + _dl_main_map.l_relro_addr = ph->p_vaddr; > + _dl_main_map.l_relro_size = ph->p_memsz; > break; > } > + > + /* Setup relro on the binary itself. */ > + if (_dl_main_map.l_relro_size) > + _dl_protect_relro (&_dl_main_map);

Please use an explicit comparison with != 0.

I have a test case for this which I can post.  Somewhat bizarrely, full RELRO for statically linked binaries requires linking with -z now.
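
Review bot: In the PT_GNU_RELRO case, l_relro_addr is stored as the raw ph->p_vaddr, so the _dl_protect_relro (&_dl_main_map) call at the end of the hunk only covers the right pages if _dl_main_map already carries the load bias at this point in _dl_non_dynamic_init; that matters for static PIE, and the hunk does not show it. Please confirm it and say so in the comment above the call. The new case label also lacks the one-line comment that PT_GNU_STACK gained, and it would help to state that the loop now deliberately keeps scanning after a match, since each break leaves only the switch.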
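
The program-header scan discussed in this message, as an added example that is not glibc code and not part of the patch: it walks the headers the same way and then computes the page range a RELRO mprotect would cover, rounding both ends down to the page size as glibc's _dl_protect_relro does. The names phdr64, scan_result, scan_phdrs and sample_phdrs, the RWX default and the sample values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PT_GNU_STACK 0x6474e551u
#define PT_GNU_RELRO 0x6474e552u
struct phdr64 {                     /* field layout of Elf64_Phdr */
  uint32_t p_type, p_flags;
  uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};
struct scan_result {
  uint32_t stack_flags;             /* p_flags of PT_GNU_STACK */
  uint64_t relro_addr, relro_size;  /* raw p_vaddr and p_memsz */
  uint64_t prot_start, prot_end;    /* page range to make read-only */
};

/* load_bias is 0 for a non-PIE static binary (assumption of this example). */
static struct scan_result
scan_phdrs (const struct phdr64 *ph, size_t n, uint64_t load_bias,
            uint64_t pagesize)
{
  struct scan_result r = { .stack_flags = 0x7 };  /* assumed RWX default */
  for (const struct phdr64 *p = ph; p < ph + n; ++p)
    switch (p->p_type)
      {
      case PT_GNU_STACK:
        r.stack_flags = p->p_flags;
        break;
      case PT_GNU_RELRO:
        r.relro_addr = p->p_vaddr;
        r.relro_size = p->p_memsz;
        break;
      }
  if (r.relro_size != 0)
    {
      /* Both ends round down, so a partial trailing page stays writable. */
      r.prot_start = (load_bias + r.relro_addr) & ~(pagesize - 1);
      r.prot_end = (load_bias + r.relro_addr + r.relro_size) & ~(pagesize - 1);
    }
  return r;
}
/* Constructed sample headers, not taken from a real binary. */
static const struct phdr64 sample_phdrs[] = {
  { PT_GNU_STACK, 0x6, 0, 0, 0, 0, 0, 0x10 },
  { PT_GNU_RELRO, 0x4, 0xbae00, 0x4bae00, 0x4bae00, 0x3100, 0x3100, 1 },
};
int main (void)
{
  struct scan_result r = scan_phdrs (sample_phdrs, 2, 0, 0x1000);
  printf ("read-only: %#llx-%#llx\n", (unsigned long long) r.prot_start,
          (unsigned long long) r.prot_end);
  return 0;
}
```

With the constructed headers the segment ends at 0x4bdf00, so the last partial page (from 0x4bd000) is left writable.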