Hello. I'm trying to understand GNU_RELRO.
It seems that GNU_RELRO is relevant only when its offset is the same as that of another segment (I'm not sure about this).
LOAD 0x0000000000002e28 0x0000000000003e28 0x0000000000003e28 0x0000000000000200 0x0000000000000208 RW 0x1000
. . .
GNU_RELRO 0x0000000000002e28 0x0000000000003e28 0x0000000000003e28 0x00000000000001d8 0x00000000000001d8 R 0x1
And in a common ELF, this target segment is paired with sections like ".got, .got.plt".
My goal is to dynamically change a writable segment into a read-only segment at runtime (without an explicit call to mprotect).
But in this code:
format ELF executable $03
entry _start
segment executable readable
_start:
mov byte [_], $00
mov eax, $01
xor ebx, ebx
int $80
segment gnurelro
segment writable readable
_: db ?
the mapping for the second LOAD segment is always rw-. The write permission is still present.
So I guess the "relro trigger" is with the dynamic loader. But when I add:
segment interpreter
db "/usr/lib32/ld-2.32.so", $00 ; on my system
no matter whether I have included the gnurelro or not, it always segfaults.
The strace:
execve("./a", ["./a"], 0x7ffed7a53df0 /* 38 vars */) = 0
[ Process PID=30501 runs in 32 bit mode. ]
brk(NULL) = 0x94b2000
arch_prctl(0x3001 /* ARCH_??? */, 0xffc74d58) = -1 EINVAL (Invalid argument)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x4} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)
I would be very grateful if someone could explain to me what happened.
Have a nice day.
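Added example, not part of the original post: PT_GNU_RELRO is applied in user space, where glibc's loader calls mprotect(PROT_READ) after relocation on the range computed below (both ends rounded down to a page boundary, as in glibc's _dl_protect_relro), so a binary that runs no loader or libc startup code keeps its rw- mapping. The struct, enum and function names are hypothetical; the sample headers are the two readelf lines quoted in the post, with a load base of 0 and a 4 KiB page assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal program-header view (subset of the Elf64_Phdr fields). */
struct seg { uint32_t type; uint64_t vaddr, memsz; uint32_t flags; };

enum { T_LOAD = 1, T_GNU_RELRO = 0x6474e552, F_W = 2, F_R = 4 };

/* Page range the loader makes read-only after relocation: both ends
 * are rounded DOWN to a page boundary. Returns 0 when the range is
 * empty, in which case nothing gets protected. */
int relro_range(const struct seg *r, uint64_t base, uint64_t page,
                uint64_t *start, uint64_t *end)
{
    *start = (base + r->vaddr) & ~(page - 1);
    *end   = (base + r->vaddr + r->memsz) & ~(page - 1);
    return *start != *end;
}

/* Index of the writable PT_LOAD that fully contains the RELRO
 * segment, or -1 if there is none. */
int relro_parent(const struct seg *ph, int n, const struct seg *r)
{
    for (int i = 0; i < n; i++)
        if (ph[i].type == T_LOAD && (ph[i].flags & F_W) &&
            r->vaddr >= ph[i].vaddr &&
            r->vaddr + r->memsz <= ph[i].vaddr + ph[i].memsz)
            return i;
    return -1;
}

/* The LOAD and GNU_RELRO headers quoted in the post (VirtAddr, MemSiz). */
static const struct seg post_ph[] = {
    { T_LOAD,      0x3e28, 0x208, F_R | F_W },
    { T_GNU_RELRO, 0x3e28, 0x1d8, F_R },
};

int main(void)
{
    uint64_t s, e;
    int idx = relro_parent(post_ph, 2, &post_ph[1]);
    int ok  = relro_range(&post_ph[1], 0, 0x1000, &s, &e);
    printf("parent LOAD #%d, protect=%d, range [%#llx, %#llx)\n", idx, ok,
           (unsigned long long)s, (unsigned long long)e);
    return 0;
}
```

With the post's values the protected range is [0x3000, 0x4000); the part of the LOAD segment above 0x4000 (up to 0x4030) stays writable.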