On 2022-02-15 2:12 p.m., Christian Weisgerber wrote:
> Ted Bullock:
>> Interesting question to me, if you force writing to one of these const
>> variables (ignoring compiler warnings) what happens to the program? Are
>> there any security benefits to moving data to supposedly read only memory?
> 
> The tables in got.c etc. contain pointers, so they are placed in
> the .data.rel.ro section, where the ld.so(1) dynamic linker first
> updates the pointers to their final values and then maps the region
> read-only before calling the main program.
> 

While here is it worthwhile adjusting #defines like this :

#define GOT_HISTEDIT_PICK 'p'
#define GOT_HISTEDIT_EDIT 'e'
#define GOT_HISTEDIT_FOLD 'f'
#define GOT_HISTEDIT_DROP 'd'
#define GOT_HISTEDIT_MESG 'm'

to

const char GOT_HISTEDIT_PICK = 'p';
const char GOT_HISTEDIT_EDIT = 'e';
const char GOT_HISTEDIT_FOLD = 'f';
const char GOT_HISTEDIT_DROP = 'd';
const char GOT_HISTEDIT_MESG = 'm';

I've actually been wondering about this kind of thing for a long time.
Obviously preprocessor directives get written directly into the
executable code, whereas readonly const variables are stored elsewhere
and as variables their address can be taken.

I'm not sure about the semantics of it but W^R^X seems stronger to me in
my little brain than just W^X. Thoughts?

-- 
Ted Bullock <tbullock@comlore.com>