RELRO Checking is not correct
PEDA's RELRO checking is incomplete.
In my case, it may identify a crafted ELF file without RELRO as FULL RELRO, which makes writing an exploit difficult.
```
gdb-peda$ checksec
CANARY : disabled
FORTIFY : disabled
NX : ENABLED
PIE : disabled
RELRO : FULL
gdb-peda$ p puts
$1 = {<text variable, no debug info>} 0x400480 <puts@plt>
gdb-peda$ nearpc 0x400480
0x400471: xor eax,0x200b92
0x400476: jmp QWORD PTR [rip+0x200b94] # 0x601010
0x40047c: nop DWORD PTR [rax+0x0]
0x400480 <puts@plt>: jmp QWORD PTR [rip+0x200b92] # 0x601018
0x400486 <puts@plt+6>: push 0x0
0x40048b <puts@plt+11>: jmp 0x400470
0x400490 <quick_exit@plt>: jmp QWORD PTR [rip+0x200b8a] # 0x601020
0x400496 <quick_exit@plt+6>: push 0x1
gdb-peda$ telescope 0x601018
0000| 0x601018 --> 0x7ffff7a64a30 (push r13)
0008| 0x601020 --> 0x7ffff7a27810 (lea rsi,[rip+0x3a7f09] # 0x7ffff7dcf720)
0016| 0x601028 --> 0x7ffff7af4180 (lea rax,[rip+0x2e0771] # 0x7ffff7dd48f8)
0024| 0x601030 --> 0x0
0032| 0x601038 --> 0x0
0040| 0x601040 --> 0x0
0048| 0x601048 --> 0x0
0056| 0x601050 --> 0x0
gdb-peda$ vmmap 0x601018
Start End Perm Name
0x00601000 0x00602000 rw-p /u/antor/u28/zhan3299/trojai/ZeroPatch/workshop/easiest_patch
```
It is easy to check that the GOT of the puts function is writable, but checksec reports it as FULL RELRO.
Details can be found here
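The report above boils down to a checker trusting the dynamic-section flags without confirming that the GOT is actually covered by the read-only-after-relocation segment. The following Python is an added example, not PEDA's code: it reads the ELF64 program headers for `PT_GNU_RELRO` and `PT_DYNAMIC`, looks for `DT_BIND_NOW` / `DF_BIND_NOW` / `DF_1_NOW` in the dynamic section (the usual none/partial/full heuristic), and then adds one extra check that is my own assumption rather than any tool's documented behaviour: full RELRO is only reported when the address in `DT_PLTGOT` falls inside a `PT_GNU_RELRO` range. The `build_elf` helper constructs minimal ELF images inline so the check can be exercised offline; those images, the `relro_level` and `build_elf` names, and the "partial (BIND_NOW set but GOT outside RELRO)" label are all constructed for this example.

```python
import struct

# ELF constants as defined in elf.h
PT_NULL = 0
PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552
DT_NULL = 0
DT_PLTGOT = 3
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1

EHDR_FMT = "<HHIQQQIHHHHHH"   # Elf64_Ehdr after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"        # Elf64_Phdr
DYN_FMT = "<qQ"               # Elf64_Dyn


def parse_phdrs(data):
    """Yield (p_type, p_flags, p_offset, p_vaddr, p_filesz, p_memsz) for each ELF64 program header."""
    if data[:4] != b"\x7fELF" or data[4] != 2:  # EI_CLASS == ELFCLASS64
        raise ValueError("not an ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        fields = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = fields
        yield p_type, p_flags, p_offset, p_vaddr, p_filesz, p_memsz


def parse_dynamic(data, offset):
    """Return {d_tag: d_val} for the dynamic section at file offset `offset` (first occurrence wins)."""
    tags = {}
    while True:
        d_tag, d_val = struct.unpack_from(DYN_FMT, data, offset)
        if d_tag == DT_NULL:
            return tags
        tags.setdefault(d_tag, d_val)
        offset += struct.calcsize(DYN_FMT)


def relro_level(data):
    """Classify RELRO as 'none', 'partial' or 'full' from program headers and dynamic tags."""
    relro_ranges, dyn_offset = [], None
    for p_type, _flags, p_offset, p_vaddr, _filesz, p_memsz in parse_phdrs(data):
        if p_type == PT_GNU_RELRO:
            relro_ranges.append((p_vaddr, p_vaddr + p_memsz))
        elif p_type == PT_DYNAMIC:
            dyn_offset = p_offset
    if not relro_ranges:
        return "none"                      # no PT_GNU_RELRO segment at all
    tags = parse_dynamic(data, dyn_offset) if dyn_offset is not None else {}
    bind_now = bool(DT_BIND_NOW in tags
                    or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
                    or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    if not bind_now:
        return "partial"
    # Extra check (an assumption of this example, not the standard heuristic): BIND_NOW
    # only helps if the PLT GOT named by DT_PLTGOT lies inside a PT_GNU_RELRO range and
    # so becomes read-only after relocation. A crafted file can set the flags yet leave
    # the GOT in a writable page, which is the situation described in the report.
    pltgot = tags.get(DT_PLTGOT)
    if pltgot is not None and not any(lo <= pltgot < hi for lo, hi in relro_ranges):
        return "partial (BIND_NOW set but GOT outside RELRO)"
    return "full"


def build_elf(bind_now, relro=None, pltgot=0x601018):
    """Construct a minimal ELF64 image (a constructed sample, not a real binary) with a
    PT_DYNAMIC segment and, if `relro` is a (start, end) pair, a PT_GNU_RELRO segment."""
    dyn = [struct.pack(DYN_FMT, DT_PLTGOT, pltgot)]
    if bind_now:
        dyn.append(struct.pack(DYN_FMT, DT_FLAGS, DF_BIND_NOW))
        dyn.append(struct.pack(DYN_FMT, DT_FLAGS_1, DF_1_NOW))
    dyn.append(struct.pack(DYN_FMT, DT_NULL, 0))
    dyn_bytes = b"".join(dyn)
    phnum, phentsize = 2, struct.calcsize(PHDR_FMT)
    dyn_off = 64 + phnum * phentsize       # dynamic section follows the phdr table
    phdrs = [struct.pack(PHDR_FMT, PT_DYNAMIC, 6, dyn_off, 0x600E20, 0x600E20,
                         len(dyn_bytes), len(dyn_bytes), 8)]
    if relro:
        lo, hi = relro
        phdrs.append(struct.pack(PHDR_FMT, PT_GNU_RELRO, 4, 0, lo, lo, hi - lo, hi - lo, 1))
    else:
        phdrs.append(struct.pack(PHDR_FMT, PT_NULL, 0, 0, 0, 0, 0, 0, 0))
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = e_ident + struct.pack(EHDR_FMT, 3, 62, 1, 0, 64, 0, 0, 64, phentsize, phnum, 0, 0, 0)
    return ehdr + b"".join(phdrs) + dyn_bytes


if __name__ == "__main__":
    # Constructed samples; the last one mirrors the report, where 0x601018 stays in a
    # writable page even though the dynamic flags claim BIND_NOW.
    print(relro_level(build_elf(False)))
    print(relro_level(build_elf(False, relro=(0x600E00, 0x601000))))
    print(relro_level(build_elf(True, relro=(0x600E00, 0x602000))))
    print(relro_level(build_elf(True, relro=(0x600E00, 0x601000))))
```

On a real binary, `relro_level(open(path, "rb").read())` gives the classification; for a file that passes this check, the `vmmap` output shown above for the GOT page should be `r--p` rather than `rw-p` once the loader has finished relocation.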
same problem