verma wrote:

> libc.so.1 Program Header[1]  p_flags:    [ PF_W PF_R ]
> foo.so Program Header[1]    p_flags:    [ PF_X PF_W PF_R ]
> Why is this not the same permission for both, since both are shared objects?
> 
> Next I want to know about the ld.so.1 elfdump, which has the same as foo.so in 
> Program Header[1]    p_flags:    [ PF_X PF_W PF_R ]

The default data segment permissions for sparc and intel are PF_X PF_W PF_R.
The default data segment permissions for amd64 are PF_W PF_R.  These are
defined by their ABIs.

In the OS we often remove the PF_X from our libraries using the mapfile
/usr/lib/ld/map.noexdata.  I believe the security folks like things this way.

A couple of shared objects, libc and ld.so.1 still require executable
data segments as these segments contain DTrace scratch areas.

On my Nevada machine I have:

/lib/libc.so.1:   [ PF_X PF_W PF_R ]
/lib/ld.so.1:     [ PF_X PF_W PF_R ]
/lib/libelf.so.1: [ PF_W PF_R ]       <-- example of generic OS lib.

Bottom line, you get the default permissions defined by the associated ABI,
or you use one of our mapfiles to change the permission.

-- 
Rod
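
Added example (not part of the original message or of the Solaris tools): a small Python check that reads the p_flags of each PT_LOAD program header, as elfdump reports them in the thread, and lists the segments that are both writable and executable. It goes beyond the cases shown by handling ELF32 and ELF64 in either byte order; `build_sample` and its inputs are constructed test data, not real libraries.

```python
import struct

PT_LOAD, PF_X, PF_W, PF_R = 1, 0x1, 0x2, 0x4

def flag_names(p_flags):
    """Render p_flags the way the elfdump lines in the thread show them."""
    bits = ((PF_X, "PF_X"), (PF_W, "PF_W"), (PF_R, "PF_R"))
    return "[ " + " ".join(n for b, n in bits if p_flags & b) + " ]"

def load_segments(data):
    """Return [(phdr_index, p_flags)] for each PT_LOAD header in an ELF image."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a recognisable ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = LSB, 2 = MSB
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        entsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
        flags_at = 4                         # Elf64_Phdr: p_flags follows p_type
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        entsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
        flags_at = 24                        # Elf32_Phdr: p_flags is the 7th word
    found = []
    for i in range(phnum):
        (p_type,) = struct.unpack_from(end + "I", data, phoff + i * entsize)
        (p_flags,) = struct.unpack_from(end + "I", data, phoff + i * entsize + flags_at)
        if p_type == PT_LOAD:
            found.append((i, p_flags))
    return found

def writable_executable(data):
    """Indices of PT_LOAD segments mapped both writable and executable."""
    return [i for i, f in load_segments(data) if f & PF_W and f & PF_X]

def build_sample(is64, msb, seg_flags):
    """Constructed test input: ELF header plus one PT_LOAD per entry in seg_flags."""
    end = ">" if msb else "<"
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 2 if msb else 1, 1]) + bytes(9)
    if is64:
        hdr = ident + struct.pack(end + "HHIQQQIHHHHHH", 3, 0, 1, 0, 64, 0, 0, 64, 56, len(seg_flags), 0, 0, 0)
        ph = [struct.pack(end + "IIQQQQQQ", PT_LOAD, f, 0, 0, 0, 0, 0, 0) for f in seg_flags]
    else:
        hdr = ident + struct.pack(end + "HHIIIIIHHHHHH", 3, 0, 1, 0, 52, 0, 0, 52, 32, len(seg_flags), 0, 0, 0)
        ph = [struct.pack(end + "IIIIIIII", PT_LOAD, 0, 0, 0, 0, 0, f, 0) for f in seg_flags]
    return hdr + b"".join(ph)
```

To audit a real object, pass `open(path, "rb").read()` to `writable_executable`; a non-empty result means the object still carries an executable data segment.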
