public inbox for libc-alpha@sourceware.org
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH 5/7] elf: Enable relro for static build
Date: Mon, 02 Dec 2019 18:54:00 -0000
Message-ID: <8dc5bbdc-f0fa-03ad-1289-2b1b55f035c1@linaro.org>
In-Reply-To: <87h82iy48o.fsf@mid.deneb.enyo.de>



On 02/12/2019 15:25, Florian Weimer wrote:
> * Adhemerval Zanella:
> 
>>> Somewhat bizarrely, full RELRO for statically linked binaries
>>> requires linking with -z now.
> 
>> My understanding is that it is arch-specific and also depends on how
>> binutils was built.  For instance, with my system ld (GNU ld (GNU
>> Binutils for Ubuntu) 2.30) seemed to be built with
>> DEFAULT_LD_Z_RELRO (set by --enable-relro) which sets relro by
>> default.  With this binutils I could only disable relro by explicit
>> add norelro, the -z {lazy,now} did not change the GNU_RELRO header
>> creation.
> 
> Whether -z relro gives you full RELRO depends somewhat on the
> architecture and what relocations can be eliminated from the static
> link.  Objects built with -fPIC tend to leave relocations behind,
> though, and to protect them, you need -z now.
> 

I was investigating in fact if binutils is requiring the -z now
to actually enable full RELRO, but it seems that there is no
option to actually set 'full RELRO' besides the combination
of -z now and -z relro.

And I think it is worth checking for static PIE as well. At least
for partial relro, .data.rel.ro seems to protect the required
data.

About testing, I am not sure what kind of coverage we are aiming
for here. My initial approach would be to check if a write on a variable
set to .data.rel.ro does trigger a SIGSEGV signal and check with
some different combinations (-z now, -z lazy, static, dynamic,
pie, nopie). Do you have something more elaborate in mind?
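
The write-and-expect-SIGSEGV check described in the message above, as an added example that is not part of the original message or of glibc's test suite. The names relro_ptr, rw_ptr and write_faults are hypothetical, and it assumes Linux with a toolchain that links with -z relro (by default or explicitly).

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

static int target, other;

/* Hypothetical test objects (names are assumptions, not glibc's).
   relro_ptr is const with an address initializer: built as PIC/PIE it
   needs a relocation, so the compiler emits it in .data.rel.ro; in a
   non-PIC build it lands in .rodata instead.  rw_ptr is the writable
   control and stays in ordinary writable data. */
static int *const relro_ptr = &target;
static int *rw_ptr = &target;

static sigjmp_buf env;

static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(env, 1);
}

/* Return 1 if a store to *slot raises SIGSEGV, 0 if it succeeds. */
static int write_faults(int *volatile *slot)
{
    struct sigaction sa, old;
    int faulted = 1;

    sa.sa_handler = on_segv;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(env, 1) == 0) {
        *slot = &other;          /* volatile store, kept by the compiler */
        faulted = 0;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

int relro_write_faults(void) { return write_faults((int *volatile *)&relro_ptr); }
int rw_write_faults(void)    { return write_faults(&rw_ptr); }

int main(void)
{
    printf("const pointer write faults: %d\n", relro_write_faults());
    printf("plain pointer write faults: %d\n", rw_write_faults());
    return 0;
}
```

Building it once per combination from the message (static, dynamic, pie, nopie, -z now, -z lazy) and comparing the first line of output gives the coverage matrix; a PIE build linked with -z norelro leaves .data.rel.ro writable, so the first check reports 0 there.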
