On 31 May 2010, at 20:29, Florian Klaempfl wrote: >>> According to SELinux, this is a security issue.. >> I guess that it may prevent some address space randomization features. I >> very much doubt that it opens up security holes by itself though. > > The .so should be still relocatable? The point about pic is that one page can > be mapped on different virtual addresses in different processes, i.e. the > page can be reused.
You're right. Apparently, the reason is that the memory pages containing the code of the library cannot be marked as "read-only" by the kernel (because the dynamic linker still has to write to them, to fix up the relocations). But afaik the dynamic linker itself could still do it once it's finished with the relocations, so I don't really see what the issue is (and again, this by itself does not open up security holes, it can only make exploiting existing security holes a bit easier). Jonas_______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal