From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha-bounces+e=80x24.org@sourceware.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS17314 8.43.84.0/22
X-Spam-Status: No, score=-4.5 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,NICE_REPLY_A,
	RCVD_IN_DNSWL_HI,RDNS_DYNAMIC,SPF_HELO_PASS,SPF_PASS shortcircuit=no
	autolearn=ham autolearn_force=no version=3.4.2
Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id 8ADA01F8C8
	for <e@80x24.org>; Thu, 16 Sep 2021 14:11:43 +0000 (UTC)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 3A248385782A
	for <e@80x24.org>; Thu, 16 Sep 2021 14:11:42 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3A248385782A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1631801502;
	bh=KlUcnvfv7pAyAQ5sSznY47I4pV/SIcBhjkzS6CYfs9Q=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=UWhHhYARw0rW/7mBbpR72xf7FYbkhBsBA7Zqvc0+DOGCiVEOE0mY0+vefU759Qh4r
	 gZSh3k21REMU/c34mWm4SHPwGcWJyAMpOapAdf6IUYF/OEHpeA3uDhfpJUdEPH0u+1
	 TDCj0RhdfHbewx9JyY80Hsvi8kWoZF1tm3aTX4NY=
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by sourceware.org (Postfix) with ESMTP id E00093858413
 for <libc-alpha@sourceware.org>; Thu, 16 Sep 2021 14:11:22 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E00093858413
Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com
 [209.85.219.70]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-218-PKmgC1jyNQigXQzS6QeFdA-1; Thu, 16 Sep 2021 10:11:20 -0400
X-MC-Unique: PKmgC1jyNQigXQzS6QeFdA-1
Received: by mail-qv1-f70.google.com with SMTP id
 l18-20020a056214039200b0037e4da8b408so50070174qvy.6
 for <libc-alpha@sourceware.org>; Thu, 16 Sep 2021 07:11:19 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
 :content-language:to:cc:references:from:organization:in-reply-to
 :content-transfer-encoding;
 bh=KlUcnvfv7pAyAQ5sSznY47I4pV/SIcBhjkzS6CYfs9Q=;
 b=NQwD4agBNBhfnUFzYTRPrVjekmben9aJdVSjdf3u2D5d6xGstZC0+mUcuqfE+WUUJN
 qCKJ6QsPA4Q+2TOiae1fwIX8Nbq/6FHCz276B/InzRHcQSZkgOubtr465sDA3UwXH4ll
 W+rke5jooR2JsVp2l8Ryx44TPnwDo+T/Yn2NXx379dSbIxbYViM5B6EzRoLzXYJVkmev
 Wp2YWBYpeYTdK0slbDeSX/rT5Q4sHFSUez1I2h+ngEzOJm6iCaijkkT50eHMKiZaPi8u
 2m2dcjX58dBHw30NLOC80nJPt6j0T5ynXjjMMPgR3iYyAS+qkJjBFub0N0SkOx905RLW
 sDxA==
X-Gm-Message-State: AOAM5316fICvL0NqkylNIngiOd5FwbgIipVZzwoFvYelu7hBq28FskoG
 8HnE3GCpCzGQTzonbnpJHtEH6WCjxmoO1tfbIWGpVnepQPzX46AbcUt3qLUXEncZHcC0QkqnGmO
 /sDpGKqkfKbg8rgz2QXiW
X-Received: by 2002:a37:e409:: with SMTP id y9mr3823850qkf.441.1631801479643; 
 Thu, 16 Sep 2021 07:11:19 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwC9MBmi4Ga8olhHhI29aVmhK3aVMLLUFbC5gk+6XwD4rNJHdTb16rZ/Q3SptuGb03t+j4Tfw==
X-Received: by 2002:a37:e409:: with SMTP id y9mr3823814qkf.441.1631801479318; 
 Thu, 16 Sep 2021 07:11:19 -0700 (PDT)
Received: from [192.168.1.16] (198-84-214-74.cpe.teksavvy.com. [198.84.214.74])
 by smtp.gmail.com with ESMTPSA id d12sm2349183qka.60.2021.09.16.07.11.18
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Thu, 16 Sep 2021 07:11:18 -0700 (PDT)
Message-ID: <0002ae3d-8957-2e3f-4fb3-298de3304ad2@redhat.com>
Date: Thu, 16 Sep 2021 10:11:17 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.1.0
Subject: Re: [PATCH] ld.so: Handle read-only dynamic section gracefully [BZ
 #28340]
To: Florian Weimer <fweimer@redhat.com>, "H.J. Lu" <hjl.tools@gmail.com>
References: <20210914190919.1728320-1-siddhesh@sourceware.org>
 <CAMe9rOp+gS63=eOnqHfWhhAeipBmsUzJ=4TEtMNZU1wshE+FUA@mail.gmail.com>
 <c7b54844-b9d0-b140-4b19-1c17ef8cd489@sourceware.org>
 <CAMe9rOoTUb6ZydtotZW8U-Q6Op0h77RTw_UgeOZXtiO_C1jqJg@mail.gmail.com>
 <ea957fa1-9fc0-cd6a-75d2-ffb2625687e7@sourceware.org>
 <CAMe9rOpwR0dotYyEsvdbj3d56sTRj_fMFQu-QEUP4Pywr3o6Sg@mail.gmail.com>
 <9d0f8dcc-35d4-d87a-b3b0-c006fdfe482f@sourceware.org>
 <CAMe9rOr7nQdaD=0BbwMJE8mEnD6KV52jP-sAdw9r2=sDzNULhg@mail.gmail.com>
 <877dfhp1lc.fsf@oldenburg.str.redhat.com>
Organization: Red Hat
In-Reply-To: <877dfhp1lc.fsf@oldenburg.str.redhat.com>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
From: Carlos O'Donell via Libc-alpha <libc-alpha@sourceware.org>
Reply-To: Carlos O'Donell <carlos@redhat.com>
Cc: Siddhesh Poyarekar <siddhesh@sourceware.org>,
 GNU C Library <libc-alpha@sourceware.org>
Errors-To: libc-alpha-bounces+e=80x24.org@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces+e=80x24.org@sourceware.org>

On 9/16/21 00:48, Florian Weimer via Libc-alpha wrote:
> * H. J. Lu:
> 
>> There is nothing wrong with read-only dynamic segment.
> 
> A relocated DYNAMIC array is part of the ABI for !DL_RO_DYN_SECTION.
> ELF requires that DT_STRTAB is present.  DT_STRTAB needs relocation.
> This means that for !DL_RO_DYN_SECTION, the dynamic segment cannot be in
> a read-ony LOAD segment for a valid ELF file.

I agree strongly with this position.

Even with PT_GNU_RELRO, we must only go in one direction from RW -> RO (to avoid
other security issues e.g. hardening not loosening the restrictions).

In theory the vDSO is invalid.

In practice it is a DL_RO_DYN_SECTION DSO but selected dynamically at runtime
rather than statically at compile time for the target.

-- 
Cheers,
Carlos.