From: Phil Blundell <philb@gnu.org>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Martin Jansa <martin.jansa@gmail.com>,
oe-core <openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH] insane: detect and warn about relocations in .text
Date: Wed, 03 Oct 2012 13:39:30 +0100 [thread overview]
Message-ID: <1349267972.32611.121.camel@phil-desktop> (raw)
In-Reply-To: <1349263162.18301.28.camel@ted>
On Wed, 2012-10-03 at 12:19 +0100, Richard Purdie wrote:
> Am I right in thinking this is also a marginal help to 'security' since
> if the .text segment is loaded read only, it becomes slightly harder for
> certain kinds of overflow attacks to work?
Possibly a marginal help, though (for glibc at least) the dynamic linker
will restore the original protection on .text once the relocations have
been applied, so the window of time during which you could mount an
attack based on the writeable .text region will be fairly small. But in
principle you're right, for best security you don't want to have any
regions which are both writeable and executable.
p.
next prev parent reply other threads:[~2012-10-03 12:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-03 10:24 [PATCH] insane: detect and warn about relocations in .text Phil Blundell
2012-10-03 10:31 ` Martin Jansa
2012-10-03 10:44 ` Phil Blundell
2012-10-03 11:19 ` Richard Purdie
2012-10-03 12:39 ` Phil Blundell [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-10-03 15:42 Phil Blundell
2012-10-03 15:56 ` Mark Hatle
2012-11-06 17:24 Phil Blundell
2012-11-07 9:59 ` Mark Hatle
2012-11-07 14:37 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1349267972.32611.121.camel@phil-desktop \
--to=philb@gnu.org \
--cc=martin.jansa@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox