[Bug ld/28824] relro security issues

Fri, 20 Jan 2023 20:27:04 -0800 

https://sourceware.org/bugzilla/show_bug.cgi?id=28824

--- Comment #13 from Dominique Martinet <rfhn.fhbrrjnzeneqpf at noclue dot 
notk.org> ---
> See commit 1a26a53a0dee

That commit is about arm32, which apparently had the same problem, but aarch64
is in a similar place except that larger page sizes are actually used (I use
4K, but asahi linux is configured with 16K, and HPC people do use 64K from what
I've heard) so the same "fix" cannot be applied there.

I've confirmed at least master (yesterday's,
b863a2687319cc8deae279f3cc7861ff506a0575 - 2023/01/20) still exhibit the
problem with aarch64 (there's probably a better way to run this, but it seems
to work):
```
$ echo 'int main() { return 0; }' | aarch64-linux-gnu-gcc -xc - -c -o foo.o
$ /opt/binutils/bin/aarch64-linux-gnu-ld.bfd --as-needed -dynamic-linker
/lib/ld-linux-aarch64.so.1 -X -EL -maarch64linux --fix-cortex-a53-843419 -pie
-o foo
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib/Scrt1.o
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib/crti.o
/usr/lib/gcc-cross/aarch64-linux-gnu/12/crtbeginS.o
-L/usr/lib/gcc-cross/aarch64-linux-gnu/12
-L/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib
-L/lib/aarch64-linux-gnu -L/lib/../lib -L/usr/lib/aarch64-linux-gnu
-L/usr/lib/../lib
-L/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib
foo.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state
--as-needed -lgcc_s --pop-state
/usr/lib/gcc-cross/aarch64-linux-gnu/12/crtendS.o
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/lib/../lib/crtn.o
$ ls -l foo
-rwxr-xr-x 1 user user  69K Jan 21 12:56 foo*
```

> In the mold linker, we are dealing with the issue by mapping the page that is
at the boundary of relro and non-relro twice as the last relro page and the
first non-relro page

I like this, thanks! (psykose/alice confirmed lld does not have the problem on
alpine, but I am not sure if they do the correct thing™ here security-wise --
it's good to have a concrete idea here)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Reply via email to