From 4d359a0c87b66020b9ea96ba593dfd2ba104a002 Mon Sep 17 00:00:00 2001 From: Markus Wichmann Date: Mon, 30 Mar 2026 19:16:37 +0200 Subject: [PATCH] Add relro support for static linking. In static PIE it is sensible to have a relro section, and so far no relro protections were applied in this case. For parity with dynamic linking, I am adding an explicit crash if relro protection fails, for the same conditions the dynlinker would fail. The syscall is inlined here, because TLS is not yet set up, and therefore syscall functions are not yet available. --- src/env/__init_tls.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/env/__init_tls.c b/src/env/__init_tls.c index a93141ed..21d3452b 100644 --- a/src/env/__init_tls.c +++ b/src/env/__init_tls.c @@ -83,7 +83,7 @@ static void static_init_tls(size_t *aux) { unsigned char *p; size_t n; - Phdr *phdr, *tls_phdr=0; + Phdr *phdr, *tls_phdr=0, *relro_phdr=0; size_t base = 0; void *mem; @@ -95,6 +95,8 @@ static void static_init_tls(size_t *aux) base = (size_t)_DYNAMIC - phdr->p_vaddr; if (phdr->p_type == PT_TLS) tls_phdr = phdr; + if (phdr->p_type == PT_GNU_RELRO) + relro_phdr = phdr; if (phdr->p_type == PT_GNU_STACK && phdr->p_memsz > __default_stacksize) __default_stacksize = @@ -102,6 +104,11 @@ static void static_init_tls(size_t *aux) phdr->p_memsz : DEFAULT_STACK_MAX; } + if (relro_phdr) { + long ret = __syscall(SYS_mprotect, (char *)base + relro_phdr->p_vaddr, relro_phdr->p_memsz, PROT_READ); + if (ret != 0 && ret != -ENOSYS) a_crash(); + } + if (tls_phdr) { main_tls.image = (void *)(base + tls_phdr->p_vaddr); main_tls.len = tls_phdr->p_filesz; -- 2.53.0