Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Does that mean that linking against libc is mandatory and that applications are not allowed to bring their own version of libc along for instance when linked statically?


Statically linked programs automatically lose this protection, apparently.


Partly. If they jit, or have shellcode injected, that code is not mappable with syscall privilege.


This is a flag in the ELF binary section headers, if you don't want it, flag your entire binary as "syscalls allowed".


No. There's nothing special about libc.

(Oh, double checked, and uh, maybe. ld.so does treat libc specially if it finds it in the library list, but at that point, you are linking with libc. But afaik there's no requirement you use the system ld.so either.)


Then isn't Animats' point valid?


The point of doing this is not to protect against people bringing their own bad libc.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: