On 05.04.22 at 20:24, Cristian Rodríguez wrote:
On Tue, Apr 5, 2022 at 2:17 PM Cristian Rodríguez <cristian@rodriguez.im> wrote:
You should also note that you will not be able to interpose symbols anymore, you need to relink everything again to do so.
Before somebody asks why: it is because LD does PLT elision at build time. It changes PLT->GOT when -z now is given, since the whole reason for the existence of the PLT is lazy binding.
Can you elaborate on this? The GOT is still filled out by the dynamic linker, so if the linker thinks a symbol should be interposed (and the logic behind interposition is architecture-independent of course), why can it not write the address of a different function into the GOT?

Also this is not what I see locally (on Tumbleweed x86_64):

$ cat test.cpp
#include <iostream>
int main() { std::cout << "Hello World"; }

$ g++ -O2 -Wl,-z,now -o test test.cpp
$ readelf --relocs --wide test
Relocation section '.rela.dyn' at offset 0x6e0 contains 5 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
[...]
Relocation section '.rela.plt' at offset 0x758 contains 4 entries:
    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
0000000000403fc0  0000000200000007 R_X86_64_JUMP_SLOT     0000000000000000 __cxa_atexit@GLIBC_2.2.5 + 0
0000000000403fc8  0000000300000007 R_X86_64_JUMP_SLOT     0000000000000000 _ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_l@GLIBCXX_3.4.9 + 0
0000000000403fd0  0000000400000007 R_X86_64_JUMP_SLOT     0000000000000000 _ZNSt8ios_base4InitC1Ev@GLIBCXX_3.4 + 0
0000000000403fd8  0000000900000007 R_X86_64_JUMP_SLOT     0000000000401060 _ZNSt8ios_base4InitD1Ev@GLIBCXX_3.4 + 0

$ objdump -d --no-show-raw-insn test
[...]
Disassembly of section .plt:

0000000000401020 <__cxa_atexit@plt-0x10>:
  401020:       push   0x2f8a(%rip)        # 403fb0 <_GLOBAL_OFFSET_TABLE_+0x8>
  401026:       jmp    *0x2f8c(%rip)       # 403fb8 <_GLOBAL_OFFSET_TABLE_+0x10>
  40102c:       nopl   0x0(%rax)

0000000000401030 <__cxa_atexit@plt>:
  401030:       jmp    *0x2f8a(%rip)       # 403fc0 <__cxa_atexit@GLIBC_2.2.5>
  401036:       push   $0x0
  40103b:       jmp    401020 <_init+0x20>

0000000000401040 <_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_l@plt>:
  401040:       jmp    *0x2f82(%rip)       # 403fc8 <_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_l@GLIBCXX_3.4.9>
  401046:       push   $0x1
  40104b:       jmp    401020 <_init+0x20>

0000000000401050 <_ZNSt8ios_base4InitC1Ev@plt>:
  401050:       jmp    *0x2f7a(%rip)       # 403fd0 <_ZNSt8ios_base4InitC1Ev@GLIBCXX_3.4>
  401056:       push   $0x2
  40105b:       jmp    401020 <_init+0x20>

0000000000401060 <_ZNSt8ios_base4InitD1Ev@plt>:
  401060:       jmp    *0x2f72(%rip)       # 403fd8 <_ZNSt8ios_base4InitD1Ev@GLIBCXX_3.4>
  401066:       push   $0x3
  40106b:       jmp    401020 <_init+0x20>

Disassembly of section .text:

0000000000401070 <main>:
  401070:       sub    $0x8,%rsp
  401074:       mov    $0xb,%edx
  401079:       mov    $0x402004,%esi
  40107e:       mov    $0x404040,%edi
  401083:       call   401040 <_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_l@plt>
  401088:       xor    %eax,%eax
  40108a:       add    $0x8,%rsp
  40108e:       ret
  40108f:       nop
[...]

So there is a PLT and it's being used. So maybe it's not using "-z now"?

$ readelf --dynamic test
Dynamic section at offset 0x2d78 contains 30 entries:
  Tag        Type                         Name/Value
[...]
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
[...]

Adding Michael Matz because perhaps I'm wrong. Everything I know about ELF interposition is from [1] and I know that this is not undisputed.

Aaron

[1] <https://maskray.me/blog/2021-05-16-elf-interposition-and-bsymbolic>
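The readelf --dynamic check in the message above, as an added example that is not code from the thread: a small Python parser that reads the PT_DYNAMIC segment of an ELF64 binary directly and reports whether the loader will bind every GOT entry at load time (the DT_FLAGS BIND_NOW and DT_FLAGS_1 NOW bits readelf printed, or the older DT_BIND_NOW tag). It assumes a little-endian ELF64 file; build_elf is a constructed fixture for testing, not a real binary.

```python
import struct
import sys

PT_DYNAMIC = 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1          # bit in DT_FLAGS / bit in DT_FLAGS_1


def dynamic_tags(elf: bytes) -> dict:
    """Return {d_tag: d_val} from the PT_DYNAMIC segment of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type != PT_DYNAMIC:
            continue
        tags = {}
        for off in range(p_offset, p_offset + p_filesz, 16):
            d_tag, d_val = struct.unpack_from("<qQ", elf, off)
            if d_tag == DT_NULL:          # DT_NULL terminates the dynamic array
                break
            tags[d_tag] = d_val
        return tags
    return {}                             # no dynamic segment (e.g. static binary)


def is_bind_now(elf: bytes) -> bool:
    """True if the dynamic linker will resolve all PLT/GOT slots at load time (what -z now requests)."""
    tags = dynamic_tags(elf)
    return (DT_BIND_NOW in tags
            or bool(tags.get(DT_FLAGS, 0) & DF_BIND_NOW)
            or bool(tags.get(DT_FLAGS_1, 0) & DF_1_NOW))


def build_elf(dyn_entries) -> bytes:
    """Constructed fixture: ELF64 header, one PT_DYNAMIC phdr at offset 64, dynamic array at offset 120."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries) + struct.pack("<qQ", DT_NULL, 0)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)   # ET_DYN, x86-64, one phdr
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn


if __name__ == "__main__":
    # Usage on a real binary: python3 check_bind_now.py ./test
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, "BIND_NOW" if is_bind_now(f.read()) else "lazy binding")
```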