Subject: Re: [PATCH v2] ld.so: Handle read-only dynamic section gracefully [BZ #28340]
To: Florian Weimer
Date: Wed, 15 Sep 2021 18:34:14 +0530
From: Siddhesh Poyarekar via Libc-alpha
Cc: libc-alpha@sourceware.org

On 9/15/21 5:48 PM, Florian Weimer via Libc-alpha wrote:
> * Siddhesh Poyarekar:
>
>> On 9/15/21 4:10 PM, Florian Weimer wrote:
>>> As far as I can tell, this does not check whether the DYNAMIC segment is
>>> actually covered by a read-write LOAD segment. I wonder how much value
>>> this imperfect check has.
>>
>> I reckon there's less value in trying to make this corner case work; I
>> can't think of a reason for someone (outside of the VDSO use case) to
>> do this on purpose. Read-only DYNAMIC segments in ET_DYN objects
>> shouldn't be a supported use case.
>
> Sure, but the corresponding LOAD segment is read-only as well, that's
> what actually matters.

I don't understand. Why isn't the fact that the DYNAMIC segment is
read-only sufficient to bail out with an error? Or to rephrase, what
valid use case would we be supporting by checking flags on the LOAD
segment containing the .dynamic section to check for write permission?

I know that the crash wouldn't happen if the LOAD was read-write, but I
don't know if the additional check covers a valid use case.

> And they do not want multiple LOAD segments because it can fit all on
> the same page. We would end up with an RWX segment if we made this
> single LOAD segment writable, which is probably even more confusing.

Right.

> So I guess the status quo is probably best.

I don't know about that :)

> Maybe someone else can comment on the additional detection. In the
> past, we said that crashes on corrupt ELF files weren't something we
> cared about, but I increasingly see the value of good diagnostics for
> common special cases.

This seems like a situation where we can add an inexpensive check and
not crash.

> (See also the discussion about DSOs without entry points.)

I need to collect my thoughts about that. I had run into it last year
and I need to see if I had written something down then. I'd definitely
like to know if there is a historical perspective to setting .text as
the entry point by default.

Siddhesh
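
The two checks debated in this thread, side by side, as an added example that is not part of the original message or of the glibc patch: one looks only at the `PT_DYNAMIC` flags, the other at whether a writable `PT_LOAD` actually covers the segment. The function name `dynamic_writability`, the `DYN_*` bits and the three program header tables are constructed for illustration.

```c
#include <elf.h>
#include <stddef.h>
#include <stdio.h>

#define DYN_FLAG_W 1  /* PT_DYNAMIC's own p_flags include PF_W */
#define DYN_LOAD_W 2  /* a writable PT_LOAD covers the whole PT_DYNAMIC range */

/* Returns -1 if the table has no PT_DYNAMIC, else a mask of the bits above. */
int dynamic_writability(const Elf64_Phdr *ph, size_t n)
{
    const Elf64_Phdr *dyn = NULL;
    for (size_t i = 0; i < n && dyn == NULL; i++)
        if (ph[i].p_type == PT_DYNAMIC)
            dyn = &ph[i];
    if (dyn == NULL)
        return -1;
    int mask = (dyn->p_flags & PF_W) ? DYN_FLAG_W : 0;
    for (size_t i = 0; i < n; i++) {
        const Elf64_Phdr *l = &ph[i];
        if (l->p_type != PT_LOAD || !(l->p_flags & PF_W))
            continue;
        /* Subtraction form avoids overflow on corrupt p_vaddr/p_memsz. */
        if (dyn->p_vaddr >= l->p_vaddr && dyn->p_memsz <= l->p_memsz
            && dyn->p_vaddr - l->p_vaddr <= l->p_memsz - dyn->p_memsz)
            mask |= DYN_LOAD_W;
    }
    return mask;
}

/* Constructed program header tables, not taken from any real binary. */
static const Elf64_Phdr single_ro_load[] = {   /* one R-X LOAD, R DYNAMIC */
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_vaddr = 0, .p_memsz = 0x1000 },
    { .p_type = PT_DYNAMIC, .p_flags = PF_R, .p_vaddr = 0x800, .p_memsz = 0x100 },
};
static const Elf64_Phdr flag_mismatch[] = {    /* RW DYNAMIC inside R-X LOAD */
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_vaddr = 0, .p_memsz = 0x1000 },
    { .p_type = PT_DYNAMIC, .p_flags = PF_R | PF_W, .p_vaddr = 0x800, .p_memsz = 0x100 },
};
static const Elf64_Phdr usual_layout[] = {     /* RW DYNAMIC inside RW LOAD */
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_vaddr = 0, .p_memsz = 0x1000 },
    { .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_vaddr = 0x2000, .p_memsz = 0x1000 },
    { .p_type = PT_DYNAMIC, .p_flags = PF_R | PF_W, .p_vaddr = 0x2e00, .p_memsz = 0x1f0 },
};

int main(void)
{
    printf("single_ro_load: %d\n", dynamic_writability(single_ro_load, 2));
    printf("flag_mismatch:  %d\n", dynamic_writability(flag_mismatch, 2));
    printf("usual_layout:   %d\n", dynamic_writability(usual_layout, 3));
}
```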