Bug 11171 – Text relocations in Phobos shared library

Have noticed that issue during package maintenance for Arch Linux and reporting by Martin Nowak request. Arch Linux automatically verifies all packages targeting official repos with own `namcap` tool. At some point I have noticed it warning me that `libphobos2.so` has text relocations. This is how package is built: https://github.com/Dicebot/Arch-PKGBUILDs/blob/master/dmd/PKGBUILD Essentially it is just `make -f posix.mak MODEL=$_archbits DMD=$srcdir/dmd/src/dmd RELEASE=1` $ uname -a Linux vbox-arch-64 3.11.2-1-ARCH #1 SMP PREEMPT Fri Sep 27 07:35:36 CEST 2013 x86_64 GNU/Linux $ readelf -d /usr/lib/libphobos2.so | grep TEXTREL 0x0000000000000016 (TEXTREL) 0x0 $ eu-readelf -r /usr/lib/libphobos2.so | wc -l 18615

P.S. version of shared library in question is https://www.archlinux.org/packages/community/x86_64/libphobos/ , it can be installed at any point by standard package manager (pacman)

Just noticed this too. It makes shared libraries unusable on hardened system (like grsecurity).

Duplicate of #5278?

(In reply to comment #3) > Duplicate of #5278? Likely, but it's not just Gentoo. I use Grsecurity kernel on Debian and get this error: ./prog: error while loading shared libraries: /usr/local/lib/libphobos2.so.0.64: cannot make segment writable for relocation: Permission denied The only solution is to disable MPROTECT for given exacutable. http://pax.grsecurity.net/docs/mprotect.txt

(In reply to comment #4) > (In reply to comment #3) > > Duplicate of #5278? > > Likely, but it's not just Gentoo. I'm aware, it should probably be renamed.

Indeed it's a problem that block SELinux out of the box. I stumbled over this today trying to run a binary with sandbox. In elfutils there is a small tool to find those relocations eu-findtextrel https://fedoraproject.org/wiki/User:Tibbs/Text_Relocation_Guidelines Seems like it mostly barks about vtblZ and initZ symbols in libphobos2.so. Those indeed need to contain absolute relocations but they should be data symbols, so I don't yet know what the problem is.

One cause of this bug is that the .minfo* sections are marked as read-only but require dynamic relocations. I think we should avoid the relocation and write the complete ModuleInfo into the .minfo sections, currently .minfo holds pointers to ModuleInfos.

There are more false read-only symbols, most notably initZ, vtblZ and deh_eh. We're supposed to put those into data.rel.ro sections when compiling -fPIC code. http://www.airs.com/blog/archives/189 http://stackoverflow.com/questions/7029734/what-is-the-data-rel-ro-used-for http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/specialsections.html

Commits pushed to master at https://github.com/D-Programming-Language/dmd https://github.com/D-Programming-Language/dmd/commit/1a99b8b6fea24094d483251cf7c8f2d4206813aa fix Issue 11171 - text relocations in shared phobos library - Read-only data with relocations cannot be added to CDATA, because text relocations are prohibited by many security checks (SELinux). Also text relocations effectively break sharing of read-only segments across multiple processes. https://github.com/D-Programming-Language/dmd/commit/70653611a580867c232eb451b17a0f73d72e0b62 Merge pull request #3187 from MartinNowak/fix11171 [dll] fix Issue 11171 – Text relocations in Phobos shared library

This is fixed for x86_64, but there are still text relocations on x86_32. The bug is also related to making ModuleInfo const, see bug 11543.

Can this be closed ? I think it't fixed since 2.067.

THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/dmd/issues/18688 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB