[Bug ld/28824] relro security issues
From: rfhn.fhbrrjnzeneqpf at noclue dot notk.org
Subject: [Bug ld/28824] relro security issues
Date: Sat, 21 Jan 2023 04:26:40 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=28824
--- Comment #13 from Dominique Martinet <rfhn.fhbrrjnzeneqpf at noclue dot notk.org> ---
> See commit 1a26a53a0dee
That commit is about arm32, which apparently had the same problem, but aarch64
is in a similar place except that larger page sizes are actually used (I use
4K, but asahi linux is configured with 16K, and HPC people do use 64K from what
I've heard) so the same "fix" cannot be applied there.
I've confirmed at least master (yesterday's,
b863a2687319cc8deae279f3cc7861ff506a0575 - 2023/01/20) still exhibits the
problem with aarch64 (there's probably a better way to run this, but it seems
to work):
```
$ echo 'int main() { return 0; }' | aarch64-linux-gnu-gcc -xc - -c -o foo.o
$ /opt/binutils/bin/aarch64-linux-gnu-ld.bfd --as-needed \
    -dynamic-linker /lib/ld-linux-aarch64.so.1 \
    -X -EL -maarch64linux --fix-cortex-a53-843419 -pie \
    -o foo \
    /usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib/Scrt1.o \
    /usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib/crti.o \
    /usr/lib/gcc-cross/aarch64-linux-gnu/12/crtbeginS.o \
    -L/usr/lib/gcc-cross/aarch64-linux-gnu/12 \
    -L/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib \
    -L/lib/aarch64-linux-gnu -L/lib/../lib -L/usr/lib/aarch64-linux-gnu \
    -L/usr/lib/../lib \
    -L/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib \
    foo.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state \
    --as-needed -lgcc_s --pop-state \
    /usr/lib/gcc-cross/aarch64-linux-gnu/12/crtendS.o \
    /usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib/crtn.o
$ ls -l foo
-rwxr-xr-x 1 user user 69K Jan 21 12:56 foo*
```
> In the mold linker, we are dealing with the issue by mapping the page that is
> at the boundary of relro and non-relro twice as the last relro page and the
> first non-relro page
I like this, thanks! (psykose/alice confirmed lld does not have the problem on
alpine, but I am not sure if they do the correct thing™ here security-wise --
it's good to have a concrete idea here)
--
You are receiving this mail because:
You are on the CC list for the bug.
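
An added example, not part of the original message or of binutils, mold or lld: a check for the boundary page that the quoted mold comment refers to. It reads the program headers of a little-endian ELF64 file and, for the 4K, 16K and 64K page sizes named above, reports how many RELRO bytes sit on a page that also holds non-RELRO writable data. `relro_shared_tail`, `make_elf` and the sample addresses are constructed for illustration.

```python
import struct

PT_LOAD, PT_GNU_RELRO, PF_W = 1, 0x6474E552, 2
PAGE_SIZES = (0x1000, 0x4000, 0x10000)  # 4K, 16K, 64K, as named in the comment
PHDR = "<IIQQQQQQ"  # type, flags, offset, vaddr, paddr, filesz, memsz, align

def relro_shared_tail(elf: bytes) -> dict:
    """Map page size -> RELRO bytes on a page shared with non-RELRO writable data.

    0 means the RELRO end falls on a page boundary for that page size, or that
    nothing writable follows it. Little-endian ELF64 only; else ValueError."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    phdrs = [struct.unpack_from(PHDR, elf, e_phoff + i * e_phentsize)
             for i in range(e_phnum)]
    relro = next((p for p in phdrs if p[0] == PT_GNU_RELRO), None)
    if relro is None:
        raise ValueError("no PT_GNU_RELRO program header")
    start, end = relro[3], relro[3] + relro[6]
    # End of the writable PT_LOAD that contains the start of the RELRO region.
    load_end = max((p[3] + p[6] for p in phdrs
                    if p[0] == PT_LOAD and p[1] & PF_W
                    and p[3] <= start < p[3] + p[6]), default=end)
    report = {}
    for ps in PAGE_SIZES:
        page_start = end - end % ps  # start of the page holding the RELRO end
        shared = end % ps != 0 and load_end > end
        report[ps] = end - max(start, page_start) if shared else 0
    return report

def make_elf(relro_vaddr: int, relro_size: int, load_size: int) -> bytes:
    """Constructed sample: ELF64 header, one RW PT_LOAD, one PT_GNU_RELRO."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 183, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    def ph(p_type, flags, size):
        return struct.pack(PHDR, p_type, flags, 0, relro_vaddr, relro_vaddr,
                           size, size, 0x10000)
    return ehdr + ph(PT_LOAD, 6, load_size) + ph(PT_GNU_RELRO, 4, relro_size)

if __name__ == "__main__":
    # Constructed layout: RELRO ends at 0x11000, aligned for 4K pages only.
    for ps, n in relro_shared_tail(make_elf(0x10D90, 0x270, 0x2A0)).items():
        print(f"{ps // 1024:>2}K pages: {n:#x} RELRO bytes on a shared page")
```

To inspect a real binary, pass its bytes (`open(path, "rb").read()`) to `relro_shared_tail`.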