[Bug ld/30877] [BUG][RISCV]relro protection not working in riscv
From: akhilesh.k at samsung dot com
Subject: [Bug ld/30877] [BUG][RISCV]relro protection not working in riscv
Date: Fri, 22 Sep 2023 08:03:50 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=30877
--- Comment #1 from Akhilesh Kumar <akhilesh.k at samsung dot com> ---
Below are the test results on the RISC-V target.
Summary:
Even though we compiled this application with -z,relro,-z,now, pmap shows the .got
address as RW.
Test results:
user@starfive:~/akhilesh$ gcc -g -Wl,-z,relro,-z,now -o test test.c
user@starfive:~/akhilesh$ readelf -a test | grep RELRO
GNU_RELRO 0x0000000000000df8 0x0000000000001df8 0x0000000000001df8
user@starfive:~/akhilesh$ readelf -a test | grep NOW
0x000000000000001e (FLAGS) BIND_NOW
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
user@starfive:~/akhilesh$ gdb -q test
Reading symbols from test...
gdb-peda$ check
checkpoint checksec
gdb-peda$ checksec
Warning: 'set logging off', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled off'.
Warning: 'set logging on', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled on'.
CANARY : disabled
FORTIFY : disabled
NX : ENABLED
PIE : ENABLED
RELRO : FULL
gdb-peda$
gdb-peda$ b main
Breakpoint 1 at 0x6ca: file test.c, line 7.
gdb-peda$ shel objdump -R test | grep printf
Ambiguous command "shel objdump -R test | grep printf ": shell, shellcode.
gdb-peda$ shell objdump -R test | grep printf
0000000000002028 R_RISCV_JUMP_SLOT printf@GLIBC_2.27
gdb-peda$ b main
Note: breakpoint 1 also set at pc 0x6ca.
Breakpoint 2 at 0x6ca: file test.c, line 7.
gdb-peda$ r
Starting program: /home/user/akhilesh/test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/riscv64-linux-gnu/libthread_db.so.1".
Warning: 'set logging off', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled off'.
Warning: 'set logging on', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled on'.
Breakpoint 1, main (argc=0x1, argv=0x3ffffff418) at test.c:7
7 size_t *p = (size_t *) strtol(argv[1], NULL, 16);
gdb-peda$ b main
Note: breakpoints 1 and 2 also set at pc 0x2aaaaaa6ca.
Breakpoint 3 at 0x2aaaaaa6ca: file test.c, line 7.
gdb-peda$ p/x 0x2aaaaaa6ca -0x6ca + 0x002028
$1 = 0x2aaaaac028
gdb-peda$ test 0x2aaaaac028
Undefined command: "test". Try "help".
gdb-peda$ r 0x2aaaaac028
Starting program: /home/user/akhilesh/test 0x2aaaaac028
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/riscv64-linux-gnu/libthread_db.so.1".
Breakpoint 1, main (argc=0x2, argv=0x3ffffff408) at test.c:7
7 size_t *p = (size_t *) strtol(argv[1], NULL, 16);
gdb-peda$ shell ps -s
UID PID PENDING BLOCKED IGNORED CAUGHT STAT TTY TIME COMMAND
1000 28404 0000000000000000 0000000000010000 0000000000384004 000000004b813efb Ss pts/1 0:02 -bash
1000 28713 0000000000000000 0000000000000000 0000000000000000 0000000000000000 T pts/1 0:01 find / -name libFLAC*
1000 42749 0000000000000000 0000000000000000 0000000001001000 00000001080344e7 Sl+ pts/1 0:03 gdb -q test
1000 42773 0000000000000000 0000000000000000 0000000000000000 0000000000000000 t pts/1 0:00 /home/user/akhilesh/test 0x2aaaaac028
1000 42774 0000000000000000 0000000000000000 0000000000000000 000000007391fef9 R+ pts/1 0:00 ps -s
gdb-peda$ shell p
peda-session-test.txt peda-session-test_partial.txt
philwantsfish-gdb_commands-7b11f55/ philwantsfish-gdb_commands-7b11f55.zip
gdb-peda$ shell pmap 42773
42773: /home/user/akhilesh/test 0x2aaaaac028
0000002aaaaaa000 4K r-x-- test
0000002aaaaab000 4K r---- test
0000002aaaaac000 4K rw--- test ====== Showing RW even though we used -z,relro,-z,now
0000003ff7e9d000 1160K r-x-- libc.so.6
0000003ff7fbf000 12K r---- libc.so.6
0000003ff7fc2000 8K rw--- libc.so.6
0000003ff7fc4000 52K rw--- [ anon ]
0000003ff7fdd000 8K rw--- [ anon ]
0000003ff7fdf000 4K r---- [ anon ]
0000003ff7fe0000 4K r-x-- [ anon ]
0000003ff7fe1000 112K r-x-- ld-linux-riscv64-lp64d.so.1
0000003ff7ffd000 4K r---- ld-linux-riscv64-lp64d.so.1
0000003ff7ffe000 8K rw--- ld-linux-riscv64-lp64d.so.1
0000003ffffdf000 132K rw--- [ stack ]
total 1516K
gdb-peda$ maintenance info sections
Exec file: `/home/user/akhilesh/test', file type elf64-littleriscv.
[0] 0x2aaaaaa270->0x2aaaaaa291 at 0x00000270: .interp ALLOC LOAD READONLY DATA HAS_CONTENTS
[1] 0x2aaaaaa294->0x2aaaaaa2b8 at 0x00000294: .note.gnu.build-id ALLOC LOAD READONLY DATA HAS_CONTENTS
[2] 0x2aaaaaa2b8->0x2aaaaaa2d8 at 0x000002b8: .note.ABI-tag ALLOC LOAD READONLY DATA HAS_CONTENTS
[3] 0x2aaaaaa2d8->0x2aaaaaa2fc at 0x000002d8: .gnu.hash ALLOC LOAD READONLY DATA HAS_CONTENTS
[4] 0x2aaaaaa300->0x2aaaaaa3d8 at 0x00000300: .dynsym ALLOC LOAD READONLY DATA HAS_CONTENTS
[5] 0x2aaaaaa3d8->0x2aaaaaa45e at 0x000003d8: .dynstr ALLOC LOAD READONLY DATA HAS_CONTENTS
[6] 0x2aaaaaa45e->0x2aaaaaa470 at 0x0000045e: .gnu.version ALLOC LOAD READONLY DATA HAS_CONTENTS
[7] 0x2aaaaaa470->0x2aaaaaa4a0 at 0x00000470: .gnu.version_r ALLOC LOAD READONLY DATA HAS_CONTENTS
[8] 0x2aaaaaa4a0->0x2aaaaaa560 at 0x000004a0: .rela.dyn ALLOC LOAD READONLY DATA HAS_CONTENTS
[9] 0x2aaaaaa560->0x2aaaaaa5a8 at 0x00000560: .rela.plt ALLOC LOAD READONLY DATA HAS_CONTENTS
[10] 0x2aaaaaa5b0->0x2aaaaaa600 at 0x000005b0: .plt ALLOC LOAD READONLY CODE HAS_CONTENTS
[11] 0x2aaaaaa600->0x2aaaaaa70e at 0x00000600: .text ALLOC LOAD READONLY CODE HAS_CONTENTS
[12] 0x2aaaaaa710->0x2aaaaaa723 at 0x00000710: .rodata ALLOC LOAD READONLY DATA HAS_CONTENTS
[13] 0x2aaaaaa724->0x2aaaaaa738 at 0x00000724: .eh_frame_hdr ALLOC LOAD READONLY DATA HAS_CONTENTS
[14] 0x2aaaaaa738->0x2aaaaaa764 at 0x00000738: .eh_frame ALLOC LOAD READONLY DATA HAS_CONTENTS
[15] 0x2aaaaabdf8->0x2aaaaabe00 at 0x00000df8: .preinit_array ALLOC LOAD DATA HAS_CONTENTS
[16] 0x2aaaaabe00->0x2aaaaabe08 at 0x00000e00: .init_array ALLOC LOAD DATA HAS_CONTENTS
[17] 0x2aaaaabe08->0x2aaaaabe10 at 0x00000e08: .fini_array ALLOC LOAD DATA HAS_CONTENTS
[18] 0x2aaaaabe10->0x2aaaaac000 at 0x00000e10: .dynamic ALLOC LOAD DATA HAS_CONTENTS
[19] 0x2aaaaac000->0x2aaaaac008 at 0x00001000: .data ALLOC LOAD DATA HAS_CONTENTS
[20] 0x2aaaaac008->0x2aaaaac058 at 0x00001008: .got ALLOC LOAD DATA HAS_CONTENTS
[21] 0x2aaaaac058->0x2aaaaac060 at 0x00001058: .bss ALLOC
[22] 0x00000000->0x0000001f at 0x00001058: .comment READONLY HAS_CONTENTS
[23] 0x00000000->0x00000053 at 0x00001077: .riscv.attributes READONLY HAS_CONTENTS
[24] 0x00000000->0x00000030 at 0x000010ca: .debug_aranges READONLY HAS_CONTENTS
[25] 0x00000000->0x0000012d at 0x000010fa: .debug_info READONLY HAS_CONTENTS
[26] 0x00000000->0x000000cc at 0x00001227: .debug_abbrev READONLY HAS_CONTENTS
[27] 0x00000000->0x00000099 at 0x000012f3: .debug_line READONLY HAS_CONTENTS
[28] 0x00000000->0x00000040 at 0x00001390: .debug_frame READONLY HAS_CONTENTS
[29] 0x00000000->0x000000c7 at 0x000013d0: .debug_str READONLY HAS_CONTENTS
[30] 0x00000000->0x0000006c at 0x00001497: .debug_line_str READONLY HAS_CONTENTS
gdb-peda$
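A small check for the mismatch this report shows (checksec prints RELRO : FULL while .got sits in an rw page), added here as an example and not part of the original report or of binutils: it cross-references the pmap mappings with gdb's section addresses copied from the session above. The function names and the list of sections expected to be read-only are assumptions of this example.

```python
import re

# Lines copied from the pmap and 'maintenance info sections' output above.
PMAP = """\
0000002aaaaaa000 4K r-x-- test
0000002aaaaab000 4K r---- test
0000002aaaaac000 4K rw--- test
"""
SECTIONS = """\
[16] 0x2aaaaabe00->0x2aaaaabe08 at 0x00000e00: .init_array ALLOC LOAD DATA HAS_CONTENTS
[18] 0x2aaaaabe10->0x2aaaaac000 at 0x00000e10: .dynamic ALLOC LOAD DATA HAS_CONTENTS
[19] 0x2aaaaac000->0x2aaaaac008 at 0x00001000: .data ALLOC LOAD DATA HAS_CONTENTS
[20] 0x2aaaaac008->0x2aaaaac058 at 0x00001008: .got ALLOC LOAD DATA HAS_CONTENTS
[21] 0x2aaaaac058->0x2aaaaac060 at 0x00001058: .bss ALLOC
"""
# Assumption of this example: sections full RELRO should leave read-only.
EXPECT_RO = (".got", ".got.plt", ".dynamic", ".init_array", ".fini_array")

MAP_RE = re.compile(r"^([0-9a-f]+)\s+(\d+)K\s+([r-][w-][x-])\S*\s+(.*)$")
SEC_RE = re.compile(r"^\s*\[\d+\]\s+0x([0-9a-f]+)->0x([0-9a-f]+) at \S+ (\S+)")

def parse_pmap(text):
    """Return [(start, end, perms)] for each pmap mapping line."""
    maps = []
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            start = int(m.group(1), 16)
            maps.append((start, start + int(m.group(2)) * 1024, m.group(3)))
    return maps

def parse_sections(text):
    """Return [(name, start, end)] from 'maintenance info sections' lines."""
    return [(m.group(3), int(m.group(1), 16), int(m.group(2), 16))
            for m in map(SEC_RE.match, text.splitlines()) if m]

def section_perms(maps, sections):
    """Map each section name to the perms of every mapping it overlaps."""
    return {name: sorted({p for lo, hi, p in maps if s < hi and lo < e})
            for name, s, e in sections}

def writable_after_relro(perms, expect_ro=EXPECT_RO):
    """Sections expected to be read-only that still overlap a writable page."""
    return [n for n in expect_ro if any("w" in p for p in perms.get(n, []))]

if __name__ == "__main__":
    perms = section_perms(parse_pmap(PMAP), parse_sections(SECTIONS))
    print(perms, "still writable:", writable_after_relro(perms))
```

On the data from this report, .dynamic and .init_array land in the r---- page while .got shares the rw--- page with .data and .bss.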