Library RELRO sections are excluded from the immutable list, because ld.so

tweaks them quite late.  _dl_relro() is called when that work is done, and
the final mprotect PROT_READ happens.  Then we can make mark it immutable.
ok kettenis

diff --git a/libexec/ld.so/loader.c b/libexec/ld.so/loader.c
index c9e8082..7d52d15 100644 (file)
--- a/libexec/ld.so/loader.c
+++ b/libexec/ld.so/loader.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: loader.c,v 1.197 2022/11/06 11:34:50 deraadt Exp $ */
+/*     $OpenBSD: loader.c,v 1.198 2022/11/06 11:38:54 deraadt Exp $ */
 
 /*
  * Copyright (c) 1998 Per Fogelstrom, Opsycon AB
@@ -795,6 +795,10 @@ _dl_relro(elf_object_t *object)
                DL_DEB(("protect RELRO [0x%lx,0x%lx) in %s\n",
                    addr, addr + object->relro_size, object->load_name));
                _dl_mprotect((void *)addr, object->relro_size, PROT_READ);
+
+               /* if library will never be unloaded, RELRO can be immutable */
+               if ((object->obj_flags & DF_1_NODELETE))
+                       _dl_mimmutable((void *)addr, object->relro_size);
        }
 }