Andrei Homescu
Andrei Homescu
Commit 17843f1c fixes this.
Seems to still occur for LLVM, but not for other software.
Another solution would be to use a bitmap to mark applied relocations, with one bitmap bit per byte in the binary, which would require 12.5% extra memory during randomization.
Later testing showed that we need to pin the `.txtrp` section from `crti.o` ourselves (using an anchor reloc in `.init`), as implemented in commit https://github.com/immunant/selfrando/commit/4d3b52cae8c4d18a718a918f72f948641334867f
For now, support for `.gnu.linkonce` sections is limited: they are allowed in object files, but we do not emit TRaP information for them. To support 32-bit x86 `crti.o`, we uses...
@Le0nX Are you also on Ubuntu 16.04? If so, what version of binutils are you using (the packages site says 2.26.1, is that right)? We've had other problems with older...
Commits 7d9ab0957ae07ca3f2acfd8b16ba09551979ff6f, b06d954dfd9e5c640189d39508dffe8d85c63c33 and 67c6c7d8bdf997e38e301ba136d701c1bba32ad5 fix most of this. We should investigate if there are more cases.
Possible solution: ptrace-based tool that intercepts execve calls. If the tool detects an invocation of the linker (with gcc as the parent process), we'd interpose such that the selfrando linker-wrapper...
I think we'd also need to add a way to send that signal to the kernel, if the security mechanism doesn't provide one. If that's the case, this would only...
Looking at these, I think we should ignore the misaligned accesses (they're working as intended IMHO). Some of these are accesses to TRaP info contents (which we want to be...