From: Alexey Tourbin <at@altlinux.ru>
To: devel@altlinux.ru
Subject: [devel] Fwd: lj_udrepper: Text Relocations
Date: Tue, 6 Jun 2006 19:29:21 +0400
Message-ID: <20060606152921.GA9823@localhost.localdomain> (raw)
[-- Attachment #1: Type: text/plain, Size: 1164 bytes --]
textrelocs.html -- довольно интересный текст.
----- Forwarded message from rss2mail2 -----
Text Relocations at 03-06-2006 17:50:03
http://udrepper.livejournal.com/10666.html
People treated creating DSOs with text relocations so far cavalier
offense. The runtime automatically works around the problems the
programmers are responsible for and the costs and risks are not
immediately visible unless one thinks about the issue.
This changed with the SELinux memory protection bits which are enabled
in FC5 and later. Text relocations are a fatal flaw of a DSO or PIE
and must be avoided. Since people complain that it's hard to fix the
problem I've written code and wrote a little article on [0] how to fix
them.
For completeness I should mention that it is possible to label DSOs so
that the kernel allows text relocations. This is done using the
textrel_shlib_t label. But this really never should be regarded as a
solution, it's a work-around. Denying text relocations is a major
security feature.
[0] http://people.redhat.com/drepper/textrelocs.html
----- End forwarded message -----
[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]
next reply other threads:[~2006-06-06 15:29 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-06 15:29 Alexey Tourbin [this message]
2006-06-06 15:42 ` Dmitry V. Levin
2006-06-06 16:01 ` Alexey Tourbin
2006-06-06 20:24 ` Dmitry V. Levin
2006-06-07 5:12 ` Alexey Tourbin
2006-06-06 20:59 ` [devel] eu-findtextrel Dmitry V. Levin
2006-06-07 6:16 ` [devel] [JT] eu-findtextrel Michael Shigorin
2006-06-06 16:15 ` [devel] Fwd: lj_udrepper: Text Relocations Konstantin A. Lepikhov
2006-06-06 15:48 ` Led
2006-06-06 15:51 ` Dmitry V. Levin
2006-06-06 15:54 ` Led
2006-06-06 16:02 ` Alexey Tourbin
2006-06-06 16:24 ` Led
2006-06-07 6:47 ` Alexey Tourbin
2006-06-07 7:24 ` Sergey Pinaev
2006-06-07 7:42 ` Alexey Tourbin
2006-06-07 11:56 ` Yury Aliaev
2006-06-07 12:04 ` Alexey Tourbin
2006-06-07 12:25 ` [devel] блин Michael Shigorin
2006-06-07 12:33 ` Alexey Tourbin
2006-06-07 14:47 ` Yury Aliaev
2006-06-07 9:06 ` [devel] Fwd: lj_udrepper: Text Relocations Led
2006-06-07 10:42 ` Alexey Tourbin
2006-06-07 10:52 ` Kirill A. Shutemov
2006-06-07 11:01 ` Alexey Tourbin
2006-06-07 10:54 ` Led
2006-06-07 11:11 ` Alexey Tourbin
2006-06-07 11:22 ` Led
2006-06-07 11:41 ` Alexey Tourbin
2006-06-07 11:47 ` Led
2006-06-07 15:59 ` Konstantin A. Lepikhov
2006-06-06 20:38 ` Mikhail Zabaluev
2006-06-06 17:02 ` Alexey Tourbin
2006-06-06 17:46 ` Alexey I. Froloff
2006-06-06 19:13 ` Dmitry V. Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060606152921.GA9823@localhost.localdomain \
--to=at@altlinux.ru \
--cc=devel@altlinux.ru \
--cc=devel@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git