From patchwork Mon Jan 12 17:38:48 2026
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 127916
From: Florian Weimer
To: libc-alpha@sourceware.org
Subject: [PATCH v3] manual: Updates for the dynamic linker hardening recommendations
Date: Mon, 12 Jan 2026 18:38:48 +0100

This update addresses text relocations, and clarifies constructor/destructor priorities by mentioning the relevant GCC attributes.

---
v3: Fix typos identified by Alexander Monakov.

 manual/dynlink.texi | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

base-commit: 78fdb2d6b1c34ea8e779fd48f9436dfbd50b6387
diff --git a/manual/dynlink.texi b/manual/dynlink.texi index a78a065af4..241d04406a 100644 --- a/manual/dynlink.texi +++ b/manual/dynlink.texi
@@ -781,6 +781,14 @@ Do not use lazy binding. Lazy binding may require run-time memory allocation, is not async-signal-safe, and introduces considerable complexity. +@item +Do not use text relocations. Text relocations are often created by +accident if position-dependent code is linked into position-independent +executables or shared objects. Text relocations require creating +read-write-execute segments at run time, and text relocations are +typically more complex to process than the widely used data-only +relocation types. + @item Make dependencies on shared objects explicit. Do not assume that certain libraries (such as @code{libc.so.6}) are always loaded. @@ -870,12 +878,13 @@ Several considerations apply to ELF constructors and destructors. @itemize @bullet @item The dynamic linker does not take constructor and destructor priorities -into account when determining their execution order. Priorities are -only used by the link editor for ordering execution within a -completely linked object. If a dynamic shared object needs to be -initialized before another object, this can be expressed with a -@code{DT_NEEDED} dependency on the object that needs to be initialized -earlier. +into account when determining their execution order. Priorities can be +set using the GCC attributes @code{constructor}, @code{destructor}, and +@code{init_priority}. They are only used by the link editor for +ordering execution within a completely linked object. If a dynamic +shared object needs to be initialized before another object, this can be +expressed with a @code{DT_NEEDED} dependency on the object that needs to +be initialized earlier. @item The recommendations to avoid cyclic dependencies and symbol 
@@ -1105,7 +1114,8 @@ Use @option{-Wl,--error-rwx-segments} and @option{-Wl,--error-execstack} to instruct the link editor to fail the link if the resulting final object would have read-write-execute segments or an executable stack. Such issues usually indicate that the input files are not marked up -correctly. +correctly. Use @option{-Wl,z,text}, so that the link editor produces +errors instead of generating binaries with text relocations. @item Ensure that for each @code{LOAD} segment in the ELF program header, file @@ -1208,13 +1218,16 @@ should not contain @code{RPATH} or @code{RUNPATH} entries. @item Likewise, the dynamic segment should not show any @code{AUDIT}, -@code{DEPAUDIT}, @code{AUXILIARY}, @code{FILTER}, or +@code{DEPAUDIT}, @code{AUXILIARY}, @code{FILTER}, @code{TEXTREL} or @code{PREINIT_ARRAY} tags. @item If the dynamic segment contains a (deprecated) @code{HASH} tag, it must also contain a @code{GNU_HASH} tag. +@item +The @code{TEXTREL} flag (under the @code{FLAGS} tag) should not be used. + @item The @code{INITFIRST} flag (under @code{FLAGS_1}) should not be used.
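Review bot: The new "Do not use text relocations" item in the @@ -781,6 +781,14 @@ hunk states the rule and its rationale but gives the reader no way to act on it, even though this same patch adds both the link-time option and the TEXTREL checks further down in the file. Consider ending the item with a cross-reference to those later recommendations, so that someone reading only this list learns how to enforce and verify it. As a smaller point, "text relocations" opens three sentences in a row; the second occurrence in "Text relocations require creating read-write-execute segments at run time, and text relocations are typically more complex" could become "they".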
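Review bot: In the @@ -870,12 +878,13 @@ hunk, "They are only used by the link editor" now has an ambiguous antecedent, because the sentence inserted before it ends with the list of GCC attributes, so "They" reads as the attributes rather than the priorities. The removed text said "Priorities are only used by the link editor", which was unambiguous; "These priorities are only used by the link editor" would keep the new sentence and restore the original meaning.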
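Review bot: The option added in the @@ -1105,7 +1114,8 @@ hunk is written "@option{-Wl,z,text}", without the dash in front of "z". The compiler driver splits the -Wl argument at commas and passes each piece to the link editor as a separate word, so this spelling hands it "z" and "text" rather than the "-z text" option, and a reader who copies it will not get the intended error on text relocations. It should read "@option{-Wl,-z,text}", matching the dashed form of the "@option{-Wl,--error-rwx-segments}" and "@option{-Wl,--error-execstack}" options in the context lines of the same item. The comma after the option in "Use @option{-Wl,z,text}, so that" can also go.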
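Review bot: In the @@ -1208,13 +1218,16 @@ hunk, the rewritten list "@code{FILTER}, @code{TEXTREL} or" drops the comma before "or" that the removed line "@code{FILTER}, or" had, so the serial comma should be restored as "@code{TEXTREL}, or". The new flag item is also worded "(under the @code{FLAGS} tag)", while the neighbouring INITFIRST item in the context says "(under @code{FLAGS_1})"; using the same phrasing for both would keep the two flag items parallel. Since TEXTREL now appears in this list twice, once as a tag and once as a flag, a short remark that either form marks an object with text relocations would tell the reader why both are checked.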