From: Markus Wichmann
To: musl@lists.openwall.com
Date: Fri, 25 Sep 2020 22:49:37 +0200
Subject: Re: [musl] SIGSEGV with TEXTREL
Message-ID: <20200925204937.GB7997@voyager>
In-Reply-To: <7318ee2c-17f5-99a9-12e4-622fe94cbfe2@gmail.com>

On Fri, Sep 25, 2020 at 04:13:19PM -0400, Dominic Chen wrote:
> On 9/25/2020 2:58 PM, Rich Felker wrote:
> > large code model, (2) all security policies have to be
> > turned off that prevent exec+write mappings for this to
> > work at all which is not acceptable in many environments.
>
> I don't see how (2) applies. Both glibc and the previous patch only
> remap text segments writable during relocation processing, and then
> remap them back read-only immediately afterwards. If you're referring to
> W^X, text segments don't need to be executable during relocation
> processing either, so that can be avoided.
>

Some security mechanisms prevent mapping anything executable that has
ever been writable. I believe SELinux can be set up this way, but I am
not sure. Of course, this interferes with some interpreters, since it
essentially prevents dynamic recompilation, but that is a specific use
case users of SELinux might be willing to sacrifice.

Ciao,
Markus
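
Added example, not part of the original message and not musl or glibc code: a small Linux probe that replays the mapping sequence a loader needs for TEXTREL (file-backed private page made writable, modified, then made executable) and reports whether the running system's policy permits it. The names `textrel_probe` and `PROBE_*` are hypothetical, and the probe assumes `/proc` is mounted so the program can map its own binary as a stand-in for a shared library.

```c
/* Added example: does this system allow a file-backed private page to
 * become executable after it has been written to? (Linux only) */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { PROBE_ERROR = -1, PROBE_ALLOWED = 0, PROBE_DENIED = 1 };

/* Replays the TEXTREL sequence: map read-only, remap writable, modify,
 * remap executable. *err receives errno of the failing call, else 0. */
int textrel_probe(int *err)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int result = PROBE_ERROR;
    *err = 0;

    /* Assumption: /proc is mounted; our own binary stands in for a library. */
    int fd = open("/proc/self/exe", O_RDONLY);
    if (fd < 0) { *err = errno; return PROBE_ERROR; }

    unsigned char *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (p == MAP_FAILED) { *err = errno; return PROBE_ERROR; }

    if (mprotect(p, len, PROT_READ | PROT_WRITE) != 0) {
        *err = errno;                 /* could not even enter the write phase */
    } else {
        volatile unsigned char *vp = p;
        vp[0] = vp[0];                /* store forces a private (COW) copy */
        if (mprotect(p, len, PROT_READ | PROT_EXEC) == 0) {
            result = PROBE_ALLOWED;   /* written page may become executable */
        } else {
            *err = errno;             /* policy refused exec on a modified page */
            result = PROBE_DENIED;
        }
    }
    munmap(p, len);
    return result;
}

int main(void)
{
    int err;
    int r = textrel_probe(&err);
    printf("write-then-exec: %s\n", r == PROBE_ALLOWED ? "allowed" : strerror(err));
    return r == PROBE_ERROR;
}
```

Note that the page is never writable and executable at the same time, so a denial here comes from a rule about pages that were written earlier, not from a plain W^X check on simultaneous permissions.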