From: Rich Felker <dalias@libc.org>
To: Alexander Monakov <amonakov@ispras.ru>
Cc: musl@lists.openwall.com
Subject: Re: [musl] RELRO vs deferred binding
Date: Wed, 31 Mar 2021 11:02:11 -0400 [thread overview]
Message-ID: <20210331150211.GF25400@brightrain.aerifal.cx> (raw)
In-Reply-To: <alpine.LNX.2.20.13.2103311745100.2351@monopod.intra.ispras.ru>
On Wed, Mar 31, 2021 at 05:51:26PM +0300, Alexander Monakov wrote:
> On Wed, 31 Mar 2021, Rich Felker wrote:
>
> > Thanks for raising this. I think deferred binding needs to be updated
> > either to ignore RELRO if there are outstanding relocations (possibly
> > deferring it until they are all resolved)
>
> This seems undesirable as it leaves GOT unprotected for the rest of
> run time if unresolved relocations remain.
Yes, but in practice this is only for broken xorg modules and the
unresolved relocations are resolved by the time any attack-surface
code runs, no? Still I agree it's better to avoid this.
> > or to unprotect and
> > reprotect on every incremental link. (This could be optimized out and
> > preserve some further safety by scanning the outstanding relocation
> > table and skipping the unprotect/reprotect if none of them lie in the
> > RELRO range.)
>
> Even better might be to do relocation normally and lazily unprotect RELRO
> on first relocation that needs that, then reprotect once done with that DSO.
> (i.e. without doing an additional scan, like your parenthesized statement
> seems to suggest)
That puts the additional branch/logic inside the hot path used by all
relocation processing rather than a path that's relegated to just
outstanding relocations on libraries that didn't declare their
dependencies properly.
My version looks something like, inside the for loop in
redo_lazy_relocs:
need_unprotect = 0;
for (i=0; i<size; i+=3);
if ((uintptr_t)laddr(p, p->lazy[i])-relro_start < relro_end)
need_unprotect = 1;
if (need_unprotect) mprotect(...);
do_relocs(...);
if (need_unprotect) mprotect(...);
Does that look reasonable?
Rich
next prev parent reply other threads:[~2021-03-31 15:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-31 14:27 Alexander Monakov
2021-03-31 14:33 ` Rich Felker
2021-03-31 14:51 ` Alexander Monakov
2021-03-31 15:02 ` Rich Felker [this message]
2021-03-31 15:27 ` Alexander Monakov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210331150211.GF25400@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=amonakov@ispras.ru \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).