CoInitialize in Delphi DataSnap server application - multithreading

I have an XE2 DataSnap server (Windows service) which uses a 3rd party out-of-process COM component within its methods. Being COM, I understand it requires the CoInitializeEx and CoUninitialize commands around the statements. My DataSnap server is working great, other than the fact that when I stop the service, I always get an 'Application Error' message in the Event Log, along with an 'APPCRASH' information message. I'm sure this is related to the CoInit.. commands. I have non-DataSnap Windows service apps that use the COM component and stop fine with no errors.
I've tried placing the CoInit/CoUninit commands in various places such as ServiceStart/ServiceStop, DSServerClass.OnCreate/DSServerClass.OnDestroy, and at the top/bottom of each server method function, but the crash still occurs when the service is stopped. If I don't call any methods on the server then the service can be stopped with no errors.
Can anybody show me where CoInit/CoUninit should be placed for multi-threaded DataSnap services? Also, should I be using CoInitialize or CoInitializeEx, and which parameter is appropriate - COINIT_MULTITHREADED, COINIT_APARTMENTTHREADED etc?
Event Log Error :
Faulting application name: X365EXHS.exe, version: 1.0.0.0, time stamp: 0x51ba3d97
Faulting module name: X365EXHS.exe, version: 1.0.0.0, time stamp: 0x51ba3d97
Exception code: 0xc0000005
Fault offset: 0x00006138
Faulting process id: 0xed4
Faulting application start time: 0x01ce687fcfde7812
Faulting application path: C:\DEVELOP\X365EXHS.exe
Faulting module path: C:\DEVELOP\X365EXHS.exe
Report Id: 1f933086-d473-11e2-8cab-005056c00008
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: X365EXHS.exe
P2: 1.0.0.0
P3: 51ba3d97
P4: X365EXHS.exe
P5: 1.0.0.0
P6: 51ba3d97
P7: c0000005
P8: 00006138
P9:
P10:
Attached files:
C:\Users\JonathanW\AppData\Local\Temp\WERF44F.tmp.appcompat.txt
Update :
With more testing I've found that the Access Violation on shutdown only occurs when my DataSnap server is started with the HTTPS protocol, bound to an SSL certificate. It uses the OpenSSL DLLs libeay32.dll and ssleay32.dll so could these be the issue? If I run the server with HTTP (no SSL) then it never AVs when shutdown.
MadExcept Stack Trace
date/time : 2013-06-15, 09:16:56, 113ms
computer name : JW-XT2
user name : JonathanW <admin>
registered owner : JonathanW
operating system : Windows 7 Tablet PC x64 Service Pack 1 build 7601
system language : English
system up time : 1 day 12 hours
program up time : 44 seconds
processors : 2x Intel(R) Core(TM)2 Duo CPU U9400 @ 1.40GHz
physical memory : 2749/5008 MB (free/total)
free disk space : (C:) 5.22 GB
display mode : 1024x768, 32 bit
process id : $1134
allocated memory : 19.61 MB
executable : X365EXHS.exe
exec. date/time : 2013-06-15 09:14
version : 1.0.0.0
compiled with : Delphi XE2
madExcept version : 4.0.7
callstack crc : $00000000, $00000000, $00000000
exception number : 1
exception class : EAccessViolation
exception message : Access violation at address 004061A4 in module 'X365EXHS.exe'. Read of address FFFFFFD0.
thread $5e4:
>> stack not accessible, exception location:
004061a4 +8 X365EXHS.exe System 20958 +0 TObject.InheritsFrom
thread $6f0:
775d1f1f +0b ntdll.dll NtWaitForWorkViaWorkerFactory
765633a8 +10 kernel32.dll BaseThreadInitThunk
thread $1cf0:
775d1f1f +0b ntdll.dll NtWaitForWorkViaWorkerFactory
765633a8 +10 kernel32.dll BaseThreadInitThunk
thread $1d6c:
775cfd6a +0e ntdll.dll NtDelayExecution
75153bc2 +5f KERNELBASE.dll SleepEx
75154493 +0a KERNELBASE.dll Sleep
004ca205 +0d X365EXHS.exe madExcept CallThreadProcSafe
004ca26f +37 X365EXHS.exe madExcept ThreadExceptFrame
765633a8 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $b70 at:
768eda8e +00 ole32.dll
thread $2a8:
775d0136 +0e ntdll.dll NtWaitForMultipleObjects
751515e3 +fa KERNELBASE.dll WaitForMultipleObjectsEx
76561a27 +89 kernel32.dll WaitForMultipleObjectsEx
7656421b +13 kernel32.dll WaitForMultipleObjects
004ca205 +0d X365EXHS.exe madExcept CallThreadProcSafe
004ca26f +37 X365EXHS.exe madExcept ThreadExceptFrame
765633a8 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $b70 at:
74751a28 +00 msiltcfg.dll
D ($150):
775cf8aa +0e ntdll.dll NtWaitForSingleObject
75151497 +92 KERNELBASE.dll WaitForSingleObjectEx
7656118f +3e kernel32.dll WaitForSingleObjectEx
76561143 +0d kernel32.dll WaitForSingleObject
00455e2a +02 X365EXHS.exe System.SysUtils WaitForSyncWaitObj
00455fd7 +1f X365EXHS.exe System.SysUtils WaitOrSignalObj
00406cc1 +65 X365EXHS.exe System 20958 +0 TMonitor.Wait
00406d27 +17 X365EXHS.exe System 20958 +0 TMonitor.Wait
0072cac0 +b8 X365EXHS.exe Data.DBXCommon TDBXScheduler.TDBXSchedulerThread.Execute
004ca323 +2b X365EXHS.exe madExcept HookedTThreadExecute
00487e0e +42 X365EXHS.exe System.Classes ThreadProc
00407a70 +28 X365EXHS.exe System 20958 +0 ThreadWrapper
004ca205 +0d X365EXHS.exe madExcept CallThreadProcSafe
004ca26f +37 X365EXHS.exe madExcept ThreadExceptFrame
765633a8 +10 kernel32.dll BaseThreadInitThunk
>> created by thread $1a68 at:
0072c9e7 +1b X365EXHS.exe Data.DBXCommon TDBXScheduler.TDBXSchedulerThread.Create
thread $1b68:
775d1f1f +0b ntdll.dll NtWaitForWorkViaWorkerFactory
765633a8 +10 kernel32.dll BaseThreadInitThunk
thread $10f8:
775d1f1f +0b ntdll.dll NtWaitForWorkViaWorkerFactory
765633a8 +10 kernel32.dll BaseThreadInitThunk
modules:
00400000 X365EXHS.exe 1.0.0.0 C:\DEVELOP\DELPHI\eXchequer365\X365EXHS\Win32\Release
11000000 libeay32.dll 1.0.1.5 C:\ENTPV702
12000000 ssleay32.dll 1.0.1.5 C:\ENTPV702
704f0000 FaultRep.dll 6.1.7601.17514 C:\Windows\system32
70dd0000 msi.dll 5.0.7601.17807 C:\Windows\system32
71010000 comctl32.dll 6.10.7601.17514 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
71f70000 SXS.DLL 6.1.7601.17514 C:\Windows\system32
72050000 Fwpuclnt.dll 6.1.7601.17514 C:\Windows\system32
72130000 propsys.dll 7.0.7601.17514 C:\Windows\system32
727e0000 wsock32.dll 6.1.7600.16385 C:\Windows\system32
727f0000 uxtheme.dll 6.1.7600.16385 C:\Windows\system32
72870000 WINSTA.dll 6.1.7601.17514 C:\Windows\system32
72bf0000 SECUR32.DLL 6.1.7601.17940 C:\Windows\system32
72c40000 wshtcpip.dll 6.1.7600.16385 C:\Windows\System32
72c50000 wship6.dll 6.1.7600.16385 C:\Windows\System32
72c60000 mswsock.dll 6.1.7601.17514 C:\Windows\system32
72dc0000 wtsapi32.dll 6.1.7601.17514 C:\Windows\system32
72e00000 mpr.dll 6.1.7600.16385 C:\Windows\system32
734f0000 RpcRtRemote.dll 6.1.7601.17514 C:\Windows\system32
73500000 rsaenh.dll 6.1.7600.16385 C:\Windows\system32
73540000 CRYPTSP.dll 6.1.7600.16385 C:\Windows\system32
735f0000 winspool.drv 6.1.7601.17514 C:\Windows\system32
73650000 version.dll 6.1.7600.16385 C:\Windows\system32
73730000 ntmarta.dll 6.1.7600.16385 C:\Windows\system32
74750000 msiltcfg.dll 5.0.7600.16385 C:\Windows\system32
74820000 msimg32.dll 6.1.7600.16385 C:\Windows\system32
74970000 security.dll 6.1.7600.16385 C:\Windows\system32
74c80000 CRYPTBASE.dll 6.1.7600.16385 C:\Windows\syswow64
74c90000 SspiCli.dll 6.1.7601.17940 C:\Windows\syswow64
74cf0000 WS2_32.dll 6.1.7601.17514 C:\Windows\syswow64
74e50000 WLDAP32.dll 6.1.7601.17514 C:\Windows\syswow64
74ea0000 IMM32.DLL 6.1.7601.17514 C:\Windows\system32
74f40000 oleaut32.dll 6.1.7601.17676 C:\Windows\syswow64
74fe0000 USER32.dll 6.1.7601.17514 C:\Windows\syswow64
75140000 KERNELBASE.dll 6.1.7601.18015 C:\Windows\syswow64
75190000 CFGMGR32.dll 6.1.7601.17621 C:\Windows\syswow64
751c0000 LPK.dll 6.1.7600.16385 C:\Windows\syswow64
751d0000 sechost.dll 6.1.7600.16385 C:\Windows\SysWOW64
751f0000 shell32.dll 6.1.7601.18103 C:\Windows\syswow64
75e40000 msvcrt.dll 7.0.7601.17744 C:\Windows\syswow64
76010000 MSCTF.dll 6.1.7600.16385 C:\Windows\syswow64
760e0000 SETUPAPI.dll 6.1.7601.17514 C:\Windows\syswow64
76280000 DEVOBJ.dll 6.1.7601.17621 C:\Windows\syswow64
762a0000 RPCRT4.dll 6.1.7601.17514 C:\Windows\syswow64
764c0000 CLBCatQ.DLL 2001.12.8530.16385 C:\Windows\syswow64
76550000 kernel32.dll 6.1.7601.18015 C:\Windows\syswow64
76660000 GDI32.dll 6.1.7601.17514 C:\Windows\syswow64
766f0000 ADVAPI32.dll 6.1.7601.17514 C:\Windows\syswow64
76790000 USP10.dll 1.626.7601.18009 C:\Windows\syswow64
768c0000 ole32.dll 6.1.7601.17514 C:\Windows\syswow64
76a20000 comdlg32.dll 6.1.7601.17514 C:\Windows\syswow64
76c60000 SHLWAPI.dll 6.1.7601.17514 C:\Windows\syswow64
77580000 NSI.dll 6.1.7600.16385 C:\Windows\syswow64
775b0000 ntdll.dll 6.1.7601.17725 C:\Windows\SysWOW64

Did you try the fix for the IDispatch release as described in this link: Is COM broken in XE2, and how might I work around it?
Seems like XE2 has some COM interfacing changes - I guess to remove assembler to support 64bit. It could be that the presence of an SSL cert causes an extra release which exhibits the error.
Just a thought anyway


NTLM authentication fails with .NET 6 (LDAP error 53), succeeds with .NET 4.7.2

In the client we are using the HttpClient with the UseDefaultCredentials option to authenticate against a Node.js server running express-ntlm. The authentication is done using NTLM and express-ntlm is communicating with an Active Directory server over LDAPS.
The client is compiled against .NET Standard 2.0. If .NET 4.7.2 is used as runtime everything works fine. However, if the same assembly is executed with .NET 6.0.4 the authentication fails since the Active Directory server returns the error code 53 - unwilling to perform.
The authentication fails at the last step of the NTLM flow. It may be relevant that the first 58 bytes of the Authorization header sent by the client are equal for .NET 4.7.2 and .NET 6 except for bytes 51 and 53, so something seems to be done differently by .NET 6 in comparison to .NET 4.7.2. Additionally, the issue only occurs if the communication to the Active Directory is done over LDAPS. It works fine in case LDAP is used.
Byte         1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24
.NET 4.7.2  78  84  76  77  83  83  80   0   3   0   0   0  24   0  24   0 130   0   0   0  24   0  24   0
.NET 6      78  84  76  77  83  83  80   0   3   0   0   0  24   0  24   0 130   0   0   0  24   0  24   0

Byte        25  26  27  28  29  30  31  32  33  34  35  36  37  38  39  40  41  42  43  44  45  46  47  48
.NET 4.7.2 154   0   0   0  20   0  20   0  88   0   0   0   6   0 108   0   0   0  16   0  16   0 114   0
.NET 6     154   0   0   0  20   0  20   0  88   0   0   0   6   0 108   0   0   0  16   0  16   0 114   0

Byte        49  50  51  52  53  54  55  56  57  58
.NET 4.7.2   0   0   0   0   0   0 178   0   0   0
.NET 6       0   0  16   0  16   0 178   0   0   0
So the questions would be
Has anything changed in the NTLM implementation between .NET 4.7.2 and .NET 6?
What is the significance of bytes 51 and 53 in the Authorization header?
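The byte table in the question above can be read against the NTLM AUTHENTICATE_MESSAGE (type 3) layout from MS-NLMP. The Python code below is an added example, not part of the original post: it decodes the six Len/MaxLen/BufferOffset descriptors at the start of a type 3 message and reports which fields differ between two captures. The sample headers are constructed from the field values in the table and laid out per MS-NLMP (an assumption, so byte positions may not line up exactly with the table's numbering); all function names are hypothetical.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3  # MessageType of the final NTLM message

# 0-based offsets of the 8-byte descriptors (Len: u16, MaxLen: u16,
# BufferOffset: u32, little-endian) that follow the 8-byte signature and
# 4-byte message type in an AUTHENTICATE_MESSAGE, per MS-NLMP.
FIELDS = [
    ("LmChallengeResponse", 12),
    ("NtChallengeResponse", 20),
    ("DomainName", 28),
    ("UserName", 36),
    ("Workstation", 44),
    ("EncryptedRandomSessionKey", 52),
]
HEADER_MIN = 60  # bytes needed to read all six descriptors


def token_from_header(value):
    """Return the raw token from an 'NTLM <base64>' Authorization value."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not b64:
        raise ValueError("not an NTLM Authorization header")
    return base64.b64decode(b64, validate=True)


def parse_authenticate(token):
    """Decode the field descriptors of a type 3 message into a dict."""
    if len(token) < HEADER_MIN:
        raise ValueError("token too short for an AUTHENTICATE_MESSAGE header")
    if token[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", token, 8)
    if msg_type != AUTHENTICATE:
        raise ValueError("message type %d is not AUTHENTICATE" % msg_type)
    parsed = {}
    for name, offset in FIELDS:
        length, max_len, buf_off = struct.unpack_from("<HHI", token, offset)
        parsed[name] = {"len": length, "max_len": max_len, "offset": buf_off}
    return parsed


def diff_fields(token_a, token_b):
    """List (field, attribute, value_a, value_b) for every differing value."""
    a, b = parse_authenticate(token_a), parse_authenticate(token_b)
    return [
        (name, key, a[name][key], b[name][key])
        for name, _ in FIELDS
        for key in ("len", "max_len", "offset")
        if a[name][key] != b[name][key]
    ]


def differing_offsets(token_a, token_b):
    """0-based positions at which the two tokens hold different bytes."""
    n = min(len(token_a), len(token_b))
    return [i for i in range(n) if token_a[i] != token_b[i]]


def build_sample_header(session_key_len):
    """Constructed 60-byte header using the lengths/offsets seen in the table."""
    parts = [SIGNATURE, struct.pack("<I", AUTHENTICATE)]
    layout = [
        (24, 130),               # LmChallengeResponse
        (24, 154),               # NtChallengeResponse
        (20, 88),                # DomainName
        (6, 108),                # UserName
        (16, 114),               # Workstation
        (session_key_len, 178),  # EncryptedRandomSessionKey
    ]
    for length, offset in layout:
        parts.append(struct.pack("<HHI", length, length, offset))
    return b"".join(parts)


if __name__ == "__main__":
    net472 = build_sample_header(0)   # constructed: no session key sent
    net6 = build_sample_header(16)    # constructed: 16-byte session key sent
    for field, attr, old, new in diff_fields(net472, net6):
        print("%s.%s: %d -> %d" % (field, attr, old, new))
    print("differing 0-based offsets:", differing_offsets(net472, net6))
```

With this layout the two constructed headers differ only in the Len and MaxLen of EncryptedRandomSessionKeyFields (0 versus 16), the field that carries the encrypted session key when key exchange is negotiated.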

awk keep column value 0 when two columns have value 0

I have infile.txt file with multiple columns and rows like this:
infile.txt
2020 01 13 00 28.5833 77.2000 979 0 282.6 284.3 285.4 0 0
2020 01 13 00 28.5833 77.2000 925 469.578 290.4 296.9 297.7 3.6 5.1
2020 01 13 00 28.5833 77.2000 909 613.987 290.8 298.8 299.5 4.7 3.3
2020 01 13 00 28.5833 77.2000 850 1169.4 288 301.6 303.1 9.3 0
2020 01 13 00 28.5833 77.2000 700 2776.28 279 308.9 309.6 0 7.1
2020 01 13 00 28.5833 77.2000 500 5561.01 258.1 314.6 314.8 14.2 11.9
and, I want to perform some column-based calculation as follows:
awk '{R=0; if($12) R=(('$g'/'$theta_vs')*($11-'$theta_vs')*($8-'$z_s'))/(($12^2)+($13^2)); print $1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,R }' > test.txt
This works perfectly and keeps R=0 when $12!=0 but this provides an output value 0 when $12==0 as follows:
outputfile:
2020 01 13 00 28.5833 77.2000 979 0 282.6 284.3 285.4 0 0 0
2020 01 13 00 28.5833 77.2000 925 469.578 290.4 296.9 297.7 3.6 5.1 5.08926
2020 01 13 00 28.5833 77.2000 909 613.987 290.8 298.8 299.5 4.7 3.3 9.01363
2020 01 13 00 28.5833 77.2000 850 1169.4 288 301.6 303.1 9.3 0 8.21755
2020 01 13 00 28.5833 77.2000 700 2776.28 279 308.9 309.6 0 7.1 0
2020 01 13 00 28.5833 77.2000 500 5561.01 258.1 314.6 314.8 14.2 11.9 16.3555
I want to keep R=0 when both $12 && $13 is 0.
How can I make it?
Thank you
Change
if ($12)
to
if ($12 || $13)
This will assign R if either of them is non-zero, and leave it at 0 if both of them are zero.
Could you please try following.
awk -v G="$g" -v theta="$theta_vs" -v z="$z_s" '{R=0; if($12 || $13) R=((G/theta)*($11-theta)*($8-z))/(($12^2)+($13^2)); print $1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,R }' Input_file
In case your lines have only 13 fields then as per Ed sir's suggestion adding following.
awk -v G="$g" -v theta="$theta_vs" -v z="$z_s" '{R=0; if($12 || $13) R=((G/theta)*($11-theta)*($8-z))/(($12^2)+($13^2)); print $0,R }' Input_file

DejaVu: free(): invalid next size (normal)

I have memory leak somewhere and unfortunately the repeated topic which appears on stack overflow didn't help; I don't really understand how this happens since I identified the dubious line from gdb run,
void read_data(std::string filename, number_type & parameter, number_type & n_part, number_type & mult){
std::ifstream infile(filename);
std::string line; // ERROR LINE
size_type counter_numbers = 0;
size_type counter_lines = 0;
while (infile)
{
std::getline(infile, line); // Read in current line
.
.
this is where it shows in gdb: free(): invalid next size (normal);
at string definition. Why would this happen; Any ideas?
thanks, Damir
Running as
g++ -std=c++11 -I/users/damir/gsl/include/ -L/users/damir/gsl/lib/ -lgsl -lgslcblas -g -o MultB analysis_mult_b.cpp
PS (valgrind output)
valgrind ./MultB arg1 arg2 arg3 arg4
==39918== Command: ./MultB arg1 arg2 arg3 arg4
==39918==
==39918== Invalid write of size 8
==39918== at 0x405B55: ??? (in /users/damir/Analysis/MultB)
==39918== by 0x404531: ??? (in /users/damir/Analysis/MultB)
==39918== by 0x5582B44: (below main) (libc-start.c:287)
==39918== Address 0x591e530 is 0 bytes after a block of size 400 alloc'd
==39918== at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==39918== by 0x512B654: ??? (in /cvmfs/it/compiler/gcc/9.1.0/lib64/libstdc++.so.6.0.26)
==39918== by 0x404531: ??? (in /users/damir/Analysis/MultB)
==39918== by 0x5582B44: (below main) (libc-start.c:287)
==39918==
--39918-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--39918-- si_code=80; Faulting address: 0x0; sp: 0x802b99de0
valgrind: the 'impossible' happened:
Killed by fatal signal
host stacktrace:
==39918== at 0x380B1870: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==39918== by 0x38072784: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==39918== by 0x38072956: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==39918== by 0x380F6D27: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==39918== by 0x38105B60: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
sched status:
running_tid=1
Thread 1: status = VgTs_Runnable
==39918== at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==39918== by 0x512B654: ??? (in /cvmfs/it/compiler/gcc/9.1.0/lib64/libstdc++.so.6.0.26)
==39918== by 0x40455D: ??? (in /users/damir/Analysis/MultB)
==39918== by 0x5582B44: (below main) (libc-start.c:287)
Output from readelf -WS ./MultB:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 00000000004002a8 0002a8 00001c 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 00000000004002c4 0002c4 000020 00 A 0 0 4
[ 3] .hash HASH 00000000004002e8 0002e8 000334 04 A 5 0 8
[ 4] .gnu.hash GNU_HASH 0000000000400620 000620 00005c 00 A 5 0 8
[ 5] .dynsym DYNSYM 0000000000400680 000680 0009f0 18 A 6 1 8
[ 6] .dynstr STRTAB 0000000000401070 001070 000fe1 00 A 0 0 1
[ 7] .gnu.version VERSYM 0000000000402052 002052 0000d4 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 0000000000402128 002128 0000c0 00 A 6 4 8
[ 9] .rela.dyn RELA 00000000004021e8 0021e8 000048 18 A 5 0 8
[10] .rela.plt RELA 0000000000402230 002230 000918 18 AI 5 24 8
[11] .init PROGBITS 0000000000403000 003000 00001a 00 AX 0 0 4
[12] .plt PROGBITS 0000000000403020 003020 000620 10 AX 0 0 16
[13] .plt.got PROGBITS 0000000000403640 003640 000008 08 AX 0 0 8
[14] .text PROGBITS 0000000000403650 003650 00a342 00 AX 0 0 16
[15] .fini PROGBITS 000000000040d994 00d994 000009 00 AX 0 0 4
[16] .rodata PROGBITS 000000000040e000 00e000 000208 00 A 0 0 16
[17] .eh_frame_hdr PROGBITS 000000000040e208 00e208 0010cc 00 A 0 0 4
[18] .eh_frame PROGBITS 000000000040f2d8 00f2d8 004568 00 A 0 0 8
[19] .gcc_except_table PROGBITS 0000000000413840 013840 00049c 00 A 0 0 4
[20] .init_array INIT_ARRAY 0000000000414db0 013db0 000010 08 WA 0 0 8
[21] .fini_array FINI_ARRAY 0000000000414dc0 013dc0 000008 08 WA 0 0 8
[22] .dynamic DYNAMIC 0000000000414dc8 013dc8 000230 10 WA 6 0 8
[23] .got PROGBITS 0000000000414ff8 013ff8 000008 08 WA 0 0 8
[24] .got.plt PROGBITS 0000000000415000 014000 000320 08 WA 0 0 8
[25] .data PROGBITS 0000000000415320 014320 000010 00 WA 0 0 8
[26] .bss NOBITS 0000000000415340 014330 000138 00 WA 0 0 32
[27] .comment PROGBITS 0000000000000000 014330 00002d 01 MS 0 0 1
[28] .debug_aranges PROGBITS 0000000000000000 01435d 002060 00 0 0 1
[29] .debug_info PROGBITS 0000000000000000 0163bd 024611 00 0 0 1
[30] .debug_abbrev PROGBITS 0000000000000000 03a9ce 000e97 00 0 0 1
[31] .debug_line PROGBITS 0000000000000000 03b865 005f1d 00 0 0 1
[32] .debug_str PROGBITS 0000000000000000 041782 025677 01 MS 0 0 1
[33] .debug_ranges PROGBITS 0000000000000000 066df9 002260 00 0 0 1
[34] .symtab SYMTAB 0000000000000000 069060 004e60 18 35 57 8
[35] .strtab STRTAB 0000000000000000 06dec0 00a877 00 0 0 1
[36] .shstrtab STRTAB 0000000000000000 078737 000154 00 0 0 1
> I have memory leak somewhere
You may have, but you have provided no evidence of that.
The problem is subject line: free(): invalid next size (normal) is not about a memory leak, but rather about heap corruption.
> I don't really understand how this happens
Heap corruption bugs often show up as a crash quite far from where they actually happen. This makes finding them without specialized tools hard.
Fortunately, there are specialized tools. Run your program under Valgrind, or with Address Sanitizer.
Update:
> Invalid write of size 8
> ==39918== at 0x405B55: ??? (in /users/damir/Analysis/MultB)
> ==39918== by 0x404531: ??? (in /users/damir/Analysis/MultB)
> ==39918== by 0x5582B44: (below main) (libc-start.c:287)
> ==39918== Address 0x591e530 is 0 bytes after a block of size 400 alloc'd
That's the heap corruption right there: you are writing 8 bytes past the end of a heap block.
Unfortunately you didn't build MultB with debug info, so Valgrind can't tell you where in the source this is happening.
Rebuild your application with -g flag, run it under Valgrind again, and fix the bug Valgrind told you about.

add touchscreen support imx6

I am working with an imx6 dual light digi board. I want to add Ad7879 touch support. I have followed these steps:
-First I changed the kernel config file, adding support for touchscreen and ad7879. In the kernel config file I've made the following changes:
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_AD7879=y
CONFIG_TOUCHSCREEN_AD7879_I2C=y
At first I configured ad7879 as a module doing:
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_AD7879=m
CONFIG_TOUCHSCREEN_AD7879_I2C=m
After that I made the device initialization in the device tree.
In imx6qdl-ccimx6sbc.dtsi file I put the next:
&i2c3 {
    ad7879@2c {
        compatible = "adi,ad7879-1";
        reg = <0x2c>;
        interrupt-parent = <&gpio6>;
        interrupts = <15 IRQ_TYPE_EDGE_FALLING>;
        touchscreen-max-pressure = <4096>;
        adi,resistance-plate-x = <120>;
        adi,first-conversion-delay = /bits/ 8 <3>;
        adi,acquisition-time = /bits/ 8 <1>;
        adi,median-filter-size = /bits/ 8 <2>;
        adi,averaging = /bits/ 8 <1>;
        adi,conversion-interval = /bits/ 8 <255>;
    };
};
The ad7879 interrupt controller is connected to the imx6 on the EXP_I2C_IRQ_N pin, which is GPIO_6_15; for that reason I put interrupt-parent = <&gpio6> and interrupts = <15 IRQ_TYPE_EDGE_FALLING>;.
In imx6qdl-ccimx6sbc.dts file I put:
&i2c3 {
    ...
    ad7879@2c {
        status = "okay";
    };
    ...
};
Then I compiled the Linux image and device tree.
On the imx6, with the Linux image in which I configured the ad7879 as a module, I loaded the ad7879 modules like this:
root:~> modprobe ad7879
root:~> modprobe ad7879-i2c
but there are no log messages about the ad7879 and there is no ad7879 node associated.
If I check the device nodes:
root@ccimx6sbc: ls -la /dev/input/
drwxr-xr-x 4 root root 180 Jan 1 2000 .
drwxr-xr-x 14 root root 3480 May 16 14:49 ..
drwxr-xr-x 2 root root 80 Jan 1 2000 by-id
drwxr-xr-x 2 root root 120 Jan 1 2000 by-path
crw-rw---- 1 root input 13, 64 Jan 1 2000 event0
crw-rw---- 1 root input 13, 65 Jan 1 2000 event1
crw-rw---- 1 root input 13, 66 Jan 1 2000 event2
crw-rw---- 1 root input 13, 63 Jan 1 2000 mice
crw-rw---- 1 root input 13, 32 Jan 1 2000 mouse0
root@ccimx6sbc:# cat /sys/class/input/input0/name
da9063-onkey
root@ccimx6sbc:# cat /sys/class/input/input1/name
Genius 4D Scroll Mouse
root@ccimx6sbc:# cat /sys/class/input/input2/name
sgtl5000-audio Headphone Jack
You can see that there is no node associated.
root@ccimx6sbc:# cat /proc/interrupts
CPU0 CPU1
29: 140884 13795 GIC 29 twd
34: 406 0 GIC 34 sdma
35: 0 0 GIC 35 VPU_JPG_IRQ
37: 1 0 GIC 37 2400000.ipu
38: 12 0 GIC 38 2400000.ipu
42: 28 0 GIC 42
44: 0 0 GIC 44 VPU_CODEC_IRQ
50: 0 0 GIC 50 vdoa
51: 0 0 GIC 51 rtc alarm
54: 52 0 GIC 54 mmc3
55: 52 0 GIC 55 mmc1
57: 3580 0 GIC 57 mmc0
61: 353 0 GIC 61 21f0000.serial
63: 0 0 GIC 63 2008000.ecspi
69: 472 0 GIC 69 21a4000.i2c
70: 1367 0 GIC 70 21a8000.i2c
72: 109 0 GIC 72 2184200.usb
75: 0 0 GIC 75 2184000.usb
79: 0 0 GIC 79 202c000.ssi
81: 0 0 GIC 81 imx_thermal
87: 167 0 GIC 87 i.MX Timer Tick
112: 0 0 GIC 112 20bc000.wdog
134: 0 0 GIC 134 mipi_dsi
137: 466 0 GIC 137 2101000.jr0
138: 0 0 GIC 138 2102000.jr1
139: 0 0 GIC 139 mmdc_1
144: 0 0 GIC 144 mmdc_1
147: 0 0 GIC 147 20e0000.hdmi_video
150: 62234 0 GIC 150 2188000.ethernet
151: 0 0 GIC 151 2188000.ethernet
192: 0 0 gpio-mxc 0 headphone detect
364: 1 0 gpio-mxc 12 da9063-irq
413: 0 1 da9063-irq 3 HWMON
414: 0 0 da9063-irq 0 ONKEY
415: 0 0 da9063-irq 1 ALARM
IPI0: 0 0 CPU wakeup interrupts
IPI1: 0 58 Timer broadcast interrupts
IPI2: 1405 2387 Rescheduling interrupts
IPI3: 0 0 Function call interrupts
IPI4: 19 33 Single function call interrupts
IPI5: 0 0 CPU stop interrupts
IPI6: 426 476 IRQ work interrupts
IPI7: 0 0 completion interrupts
Err: 0
You can see that there are no interrupts associated with the ad7879.
There is no difference when I build the Linux kernel with this configuration:
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_AD7879=y
CONFIG_TOUCHSCREEN_AD7879_I2C=y
I ran dmesg and there are no log entries associated with the ad7879.
On the imx6 Linux I ran the following command:
>root@ccimx6sbc:i2cdetect 2
with this response:
WARNING! This program can confuse your I2C bus, cause data loss and worse!
I will probe file /dev/i2c-2.
I will probe address range 0x03-0x77.
Continue? [Y/n] y
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- UU -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- 2c -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: UU -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --
As you can see, the identifier of the device is detected (0x2c).
Then I ran:
>root@ccimx6sbc: i2cdump -r 0-0x40 2 0x2c
With this response:
No size specified (using byte-data access)
WARNING! This program can confuse your I2C bus, cause data loss and worse!
I will probe file /dev/i2c-2, address 0x2c, mode byte
Probe range limited to 0x00-0x40.
Continue? [Y/n] y
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f    0123456789abcdef
00: 00 00 40 00 00 00 00 00 00 00 00 00 00 00 03 00    ..@...........?.
10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
40: 00
You can see that 0x02 and 0x0e hold two of the default values for the registers of the ad7879, and they are correct. So I concluded that the controller is well connected.
I don't know if I am missing something.

.rodata section loaded in executable page

So out of curiosity, I tried to run this code today (compiled with gcc -m32 1.c):
int main(void)
{
    // EB is the opcode for jmp rel/8
    // FE is hex for -2
    // So this is essentially an infinite loop
    ((void(*)(void))"\xEB\xFE")();
}
... and it worked! No segfaults, the program (correctly?) goes into an infinite loop. Looking at the disassembly (objdump -d a.out), you can see the call to... whatever is at address 0x8048480:
080483d6 <main>:
....
80483e7: b8 80 84 04 08 mov $0x8048480,%eax
80483ec: ff d0 call *%eax
....
objdump -s -j .rodata a.out gives:
Contents of section .rodata:
8048478 03000000 01000200 ebfe00 ...........
                          ~~~~
So it is indeed executing the string, which is stored in the .rodata section. So I ran readelf --sections a.out and got:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 08048154 000154 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048168 000168 000020 00 A 0 0 4
[ 3] .note.gnu.build-i NOTE 08048188 000188 000024 00 A 0 0 4
[ 4] .gnu.hash GNU_HASH 080481ac 0001ac 000020 04 A 5 0 4
[ 5] .dynsym DYNSYM 080481cc 0001cc 000040 10 A 6 1 4
[ 6] .dynstr STRTAB 0804820c 00020c 000045 00 A 0 0 1
[ 7] .gnu.version VERSYM 08048252 000252 000008 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 0804825c 00025c 000020 00 A 6 1 4
[ 9] .rel.dyn REL 0804827c 00027c 000008 08 A 5 0 4
[10] .rel.plt REL 08048284 000284 000008 08 AI 5 23 4
[11] .init PROGBITS 0804828c 00028c 000023 00 AX 0 0 4
[12] .plt PROGBITS 080482b0 0002b0 000020 04 AX 0 0 16
[13] .plt.got PROGBITS 080482d0 0002d0 000008 00 AX 0 0 8
[14] .text PROGBITS 080482e0 0002e0 000182 00 AX 0 0 16
[15] .fini PROGBITS 08048464 000464 000014 00 AX 0 0 4
[16] .rodata PROGBITS 08048478 000478 00000b 00 A 0 0 4
[17] .eh_frame_hdr PROGBITS 08048484 000484 000034 00 A 0 0 4
[18] .eh_frame PROGBITS 080484b8 0004b8 0000e0 00 A 0 0 4
[19] .init_array INIT_ARRAY 08049f0c 000f0c 000004 04 WA 0 0 4
[20] .fini_array FINI_ARRAY 08049f10 000f10 000004 04 WA 0 0 4
[21] .dynamic DYNAMIC 08049f14 000f14 0000e8 08 WA 6 0 4
[22] .got PROGBITS 08049ffc 000ffc 000004 04 WA 0 0 4
[23] .got.plt PROGBITS 0804a000 001000 000010 04 WA 0 0 4
[24] .data PROGBITS 0804a010 001010 000008 00 WA 0 0 4
[25] .bss NOBITS 0804a018 001018 000004 00 WA 0 0 1
[26] .comment PROGBITS 00000000 001018 00001a 01 MS 0 0 1
[27] .symtab SYMTAB 00000000 001034 0003f0 10 28 45 4
[28] .strtab STRTAB 00000000 001424 0001bd 00 0 0 1
[29] .shstrtab STRTAB 00000000 0015e1 000105 00 0 0 1
So in the ELF binary, the section is marked non-executable. But in memory, the page is executable (cat /proc/xxx/maps):
08048000-08049000 r-xp 00000000 08:01 663551 /home/andrew/Desktop/a.out
08049000-0804a000 r--p 00000000 08:01 663551 /home/andrew/Desktop/a.out
0804a000-0804b000 rw-p 00001000 08:01 663551 /home/andrew/Desktop/a.out
My original guess was that the sections were too closely spaced (there are both AX and A sections in the 08048000-08049000 range), so Linux is forced to give the page the union of the ELF permission bits (AX | A == AX). However, even after increasing the size of the .rodata section (by adding many long strings), all of the pages containing the .rodata section are still executable. Why is this?
(For the record, I'm running on Linux kernel 4.11.7, GCC 7.1.1, and compiling as 64-bit still exhibits this behavior)
My original guess was that the segments too closely-spaced
You should not call sections segments (ELF has both, and they mean different things).
Sections only matter at static link time, and can be completely removed (are not needed at runtime). Only segments matter at runtime, and a typical ELF binary will have two segments with R-X and RW- permissions.
The .rodata section is usually merged with the .text section and put into the executable segment. You can change that with the --rosegment flag if you use the gold linker (patch which introduced this).
You can see section to segment mapping in the readelf -Wl a.out output.
Update:
Can there ever be a situation where .rodata needs to be executable, or is it for optimization, or something else?
There are no portable situations where .rodata needs to be executable. It is possible to construct a non-portable program that requires it, as you've done in your question.
Merging of .rodata and .text is an optimization: it requires two mmap calls instead of three (a program linked with --rosegment will have three separate PT_LOAD segments with R-X, R-- and R-W protections) and also fragments the virtual space less. In addition, on Linux there is a system-wide limit on total mappings, so you'll reduce the total number of programs you can run at once by 50% if you link everything with --rosegment.
Update 2:
Recent Linux distributions stopped merging .text and .rodata, and now have three or four separate LOAD segments. See this answer.
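To check from inside a process which behaviour a given toolchain produced, the following added example (not code from the question or the answer) walks the program headers the kernel passes in the auxiliary vector and reports the flags of the PT_LOAD segment that holds a string literal. The names segment_flags_for, rodata_probe, data_probe and text_probe are hypothetical, and it assumes Linux with a libc that provides getauxval.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/auxv.h>

#if UINTPTR_MAX > 0xffffffffu
typedef Elf64_Phdr Phdr;   /* native program-header type */
#else
typedef Elf32_Phdr Phdr;
#endif

int data_probe_var = 1;    /* constructed probe object, lands in .data */
const void *rodata_probe(void) { return "rodata probe"; }  /* string literal */
const void *data_probe(void)   { return &data_probe_var; }

/* Returns the p_flags (PF_R | PF_W | PF_X) of the main executable's PT_LOAD
 * segment that contains addr, or -1 if no segment contains it. */
int segment_flags_for(const void *addr)
{
    const Phdr *ph = (const Phdr *)getauxval(AT_PHDR);
    unsigned long n = getauxval(AT_PHNUM);
    uintptr_t a = (uintptr_t)addr, bias = 0;
    if (ph == NULL)
        return -1;
    /* PT_PHDR gives the link-time address of the table; the difference from
     * its run-time address is the load bias (0 for a non-PIE executable). */
    for (unsigned long i = 0; i < n; i++)
        if (ph[i].p_type == PT_PHDR)
            bias = (uintptr_t)ph - ph[i].p_vaddr;
    for (unsigned long i = 0; i < n; i++) {
        uintptr_t start = bias + ph[i].p_vaddr;
        if (ph[i].p_type == PT_LOAD && a >= start && a - start < ph[i].p_memsz)
            return (int)ph[i].p_flags;
    }
    return -1;
}

const void *text_probe(void) { return (const void *)(uintptr_t)segment_flags_for; }

int main(void)
{
    int ro = segment_flags_for(rodata_probe());
    printf("text   segment flags: %#x\n", (unsigned)segment_flags_for(text_probe()));
    printf("rodata segment flags: %#x\n", (unsigned)ro);
    printf("data   segment flags: %#x\n", (unsigned)segment_flags_for(data_probe()));
    puts(ro != -1 && (ro & PF_X) ? "string literals are in an executable segment"
                                : "string literals are not executable");
    return 0;
}
```

A binary linked the way the question describes reports PF_R | PF_X (0x5) for the literal; one linked with a separate read-only segment reports PF_R (0x4).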
