On Wed, May 22, 2024 at 9:42 PM Florian Weimer wrote:
>
> * Stephen Roettger:
>
> > In my basic testing, this seems to work fine. But a few questions that
> > I'd like some feedback on:
> > * Does it sound ok to apply sealing by default? Should this be a flag in
> > the ELF, e.g. maybe the p_flags could have a sealable bit?
>
> It depends on how the integration with RELRO should look like.

In that case, the PT_GNU_RELRO could have this sealable bit set, so rtld could apply sealing just after mprotecting it read-only.

> > * Does it make sense to piggyback on the RTLD_NODELETE bit and apply it
> > to more objects? It seems to have the right semantics: the object
> > should never get deleted => it's ok to seal the mappings.
>
> Doesn't this inhibit many forms of debugging? We wouldn't want to do
> that by default, I think.

Is the concern that a debugger injects code that then calls mprotect on the mappings for binary patching?