From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.54) id 1EmIiI-0007HL-P4 for garchives@archives.gentoo.org; Tue, 13 Dec 2005 22:33:39 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jBDMWtx7013191; Tue, 13 Dec 2005 22:32:55 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [134.68.220.30]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jBDMV0lw028412 for ; Tue, 13 Dec 2005 22:31:00 GMT Received: from compnerd by smtp.gentoo.org with local (Exim 4.54) id 1EmIfj-0000Dk-Vc for gentoo-dev@lists.gentoo.org; Tue, 13 Dec 2005 22:30:59 +0000 Date: Tue, 13 Dec 2005 22:30:59 +0000 From: "Saleem A." To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Textrels in packages policy Message-ID: <20051213223059.GA2065@gentoo.org> References: <20051213205903.GA27045@aerie.halcy0n.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fUYQa+Pmc3FrFX/N" Content-Disposition: inline In-Reply-To: <20051213205903.GA27045@aerie.halcy0n.com> User-Agent: Mutt/1.5.11 X-Archives-Salt: e06a4fd5-8b8d-4003-ab4b-2d1ce453bfab X-Archives-Hash: 7d28ce4f6ccddf06cd6c0c2efa8a4f55 --fUYQa+Pmc3FrFX/N Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, 13 Dec 2005, Mark Loeser wrote: > Basically what I'm looking for here is an easy to understand explanation = of > what textrels are, why they are bad, and why they should hold back markin= g a > package stable. The only information I've been able to find states that = they > could cause a performance hit, but this doesn't seem to warrant banning t= hem > completely in my eyes. Given my limited knowledge on this, this is my understanding. TEXTRELS are basically text relocations. What this is, is relocation within the text segment of the process image. This brings up the question of what a relocation is. A relocation is simply the replacement of some text with a memory location. The big issue with this is that the text segment is usually suppose to be read only for security reasons. But because the text segment needs a relocation, it needs to be read-write since the relocation happens at runtime dynamically. The constant need to look up the address is what causes the performance degredation. The performance degredation however is of no worry to us. The issue is that since the text segment is now read-write, the image of the process is no longer guaranteed to remain the same as it can be overwritten (allowing code modifications at runtime which can happen other ways as well). Because of this, the application is far more vurnerable to arbitrary code execution as if an exploit manages to overwrite the text segment properly, it can execute code that it wants. I am not sure how correct this explanation is or it is even what you were looking for. > Getting a clear cut policy on exactly what issues should hold a package b= ack=20 > from being marked stable is what I'm looking for. Issues like textrels,= =20 > executable stacks, etc is what I'm looking for to be defined and explaine= d why=20 > we are to always avoid them. This should be added to existing documentat= ion > policy so it is somewhere for new devs to know about, and existing devs to > have for a reference. I agree, this would be very nice to have. It would make stabilization of packages a little bit easier. Thanks. Saleem Abdulrasool compnerd (at) gentoo (dot) org --fUYQa+Pmc3FrFX/N Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iQCVAwUBQ59Lo8vV3jMtVkXlAQL+3gP+NAeK4U5LyXSNKLC4S9O4UbPCiYHm1i+T OWGLAv8ZET8hN9qWTpWsQ/GcP8cutIZoSq55gJQFaG9FZCepfFr7euGE6y5Luo1n lsCuy2Ryev9DoeObgBHARkINCBR42dx8fTDUNqK1xStg6CxjiVaFcwnv2kzEuzfz EmTVA8K0QH8= =YJ6c -----END PGP SIGNATURE----- --fUYQa+Pmc3FrFX/N-- -- gentoo-dev@gentoo.org mailing list