On Tue, Jun 18, 2019 at 09:00:35AM -0700, Yu-cheng Yu wrote: > On Tue, 2019-06-18 at 18:05 +0200, Florian Weimer wrote: > > * Yu-cheng Yu: > > > > > > I assumed that it would also parse the main executable and make > > > > adjustments based on that. > > > > > > Yes, Linux also looks at the main executable's header, but not its > > > NT_GNU_PROPERTY_TYPE_0 if there is a loader. > > > > > > > > > > > ld.so can certainly provide whatever the kernel needs. We need to tweak > > > > the existing loader anyway. > > > > > > > > No valid statically-linked binaries exist today, so this is not a > > > > consideration at this point. > > > > > > So from kernel, we look at only PT_GNU_PROPERTY? > > > > If you don't parse notes/segments in the executable for CET, then yes. > > We can put PT_GNU_PROPERTY into the loader. > > Thanks! Would this require the kernel and ld.so to be updated in a particular order to avoid breakage? I don't know enough about RHEL to know how controversial that might be. Also: What about static binaries distrubited as part of RHEL? A user would also reasonably expect static binaries built using the distro toolchain to work on top of the distro kernel... which might be broken by this. (When I say "broken" I mean that the binary would run, but CET protections would be silently turned off.) Cheers ---Dave
