[Bug target/77408] New: Copy relocation turns read-only data into writable
hjl.tools at gmail dot com
gcc-bugzilla@gcc.gnu.org
Mon Aug 29 21:54:00 GMT 2016
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77408
Bug ID: 77408
Summary: Copy relocation turns read-only data into writable
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: hjl.tools at gmail dot com
CC: ubizjak at gmail dot com
Target Milestone: ---
Target: x86

On x86, copy relocation is used in an executable to access external data
defined in a shared object as if it were defined locally. At run-time, the
dynamic linker copies the symbol data from the shared object to the
executable, and references to it from shared objects are resolved by
GLOB_DAT relocation. Since the copy of the symbol data in the executable is
writable even if the original symbol in the shared object is read-only,
this is a potential security risk.

We can avoid copy relocation by always using the PIC model to access
external data symbols. If the external symbol is defined locally in the
executable, the linker can optimize instructions on a memory operand with a
GOTPCRELX/GOT32X relocation against the external symbol into a different
form on an immediate operand.
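
An audit check for the condition described above, added here as an example and not part of the original report: it lists symbols that an executable copy-relocates out of a non-writable section of the shared object that defines them. It assumes binutils `readelf`; the symbol names `ro_table` and `counter` and the sample readelf output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list symbols that an executable
# copy-relocates out of a non-writable section of a shared object.
# The helpers parse readelf text on stdin so they can be checked offline.

# Symbol names targeted by COPY relocations in `readelf -rW` output.
copy_reloc_syms() {
    awk '$3 ~ /^R_(X86_64|386)_COPY$/ { sub(/@.*/, "", $5); print $5 }'
}

# Indices of sections without the W flag in `readelf -SW` output.
readonly_sections() {
    awk '/^ *\[ *[0-9]+\]/ { gsub(/\[|\]/, " ")
                             if (!(NF == 11 && $8 ~ /W/)) print $1 }'
}

# Reads `readelf -W --dyn-syms` text; $1 = copied symbols, $2 = read-only
# section indices (space separated). Prints copied objects defined read-only.
flag_readonly() {
    awk -v syms="$1" -v ro="$2" '
        BEGIN { n = split(syms, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1
                n = split(ro, r, " ");   for (i = 1; i <= n; i++) isro[r[i]] = 1 }
        $4 == "OBJECT" { name = $8; sub(/@.*/, "", name)
                         if ((name in want) && ($7 in isro)) print name }'
}

# Usage: ro_copy_relocs <executable> <shared-object>
ro_copy_relocs() {
    syms=$(readelf -rW "$1" | copy_reloc_syms | tr '\n' ' ')
    ro=$(readelf -SW "$2" | readonly_sections | tr '\n' ' ')
    readelf -W --dyn-syms "$2" | flag_readonly "$syms" "$ro"
}

# Constructed sample readelf output (hypothetical symbols ro_table, counter).
SAMPLE_RELOCS='0000000000403ff0  0000000100000006 R_X86_64_GLOB_DAT      0000000000000000 __gmon_start__ + 0
0000000000404030  0000000200000005 R_X86_64_COPY          0000000000404030 ro_table + 0
0000000000404040  0000000300000005 R_X86_64_COPY          0000000000404040 counter + 0'
SAMPLE_SECTIONS='  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [14] .rodata           PROGBITS        0000000000002000 002000 000010 00   A  0   0  8
  [21] .data             PROGBITS        0000000000004018 003018 000004 00  WA  0   0  4'
SAMPLE_DYNSYM='     6: 0000000000002000    16 OBJECT  GLOBAL DEFAULT   14 ro_table
     7: 0000000000004018     4 OBJECT  GLOBAL DEFAULT   21 counter'
```

On the constructed sample, only `ro_table` is reported: it is copied into the executable but defined in the library's `.rodata`, while `counter` comes from writable `.data`.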