From: Fangrui Song <i@maskray.me>
To: musl@lists.openwall.com
Cc: Andy Caldwell <andy.caldwell@microsoft.com>
Subject: Re: [musl] [PATCH] Add static-pie support to musl-gcc
Date: Fri, 16 Apr 2021 16:33:41 -0700 [thread overview]
Message-ID: <20210416233341.r3puy5jkxzofhupm@gmail.com> (raw)
In-Reply-To: <1ee762f8-94e2-baae-0466-deeab0f884f9@redhat.com>
On 2021-04-16, Harald Hoyer wrote:
>Yeah, I have been suggesting this, too <https://www.openwall.com/lists/musl/2020/04/07/2>.
>
>Final suggestion was:
>
> tools/musl-gcc.specs.sh | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> mode change 100644 => 100755 tools/musl-gcc.specs.sh
>
>diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
>old mode 100644
>new mode 100755
>index 30492574..ed584ed3
>--- a/tools/musl-gcc.specs.sh
>+++ b/tools/musl-gcc.specs.sh
>@@ -17,13 +17,13 @@ cat <<EOF
> libgcc.a%s %:if-exists(libgcc_eh.a%s)
>
> *startfile:
>-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>+%{shared:;static-pie:$libdir/rcrt1.o; :$libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>
> *endfile:
> crtendS.o%s $libdir/crtn.o
>
> *link:
>--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
>+-dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker}
>%{rdynamic:-export-dynamic}
>
> *esp_link:
If there is a change, will be good to restrict the --dynamic-linker
option to !shared !static !static-pie only.
>
>Am 15.04.21 um 22:14 schrieb Andy Caldwell:
>> Hello all,
>>
>> I've been using musl as the libc backend for rustc for various and I also wanted
>> to build some C executables against musl (using the `musl-gcc` wrapper since I'm
>> compiling on Ubuntu/Centos). For various (security and other) reasons we want
>> to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't
>> handle that flag. I found https://www.openwall.com/lists/musl/2019/05/28/1
>> which seemed like a good start, but also seems to have stalled.
>>
>> Starting from that patch, I've applied the various suggestions in the following
>> emails in the thread (adding `-z text` and handling `-eh-frame-hdr`). I've also
>> make a few other changes:
>>
>> * Pass `-pie` to the linker when `-static-pie` is requested (this might be
>> passed automatically if gcc was built `-default-pie` but it doesn't hurt to
>> pass it in and it's certainly needed in some cases)
>> * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's
>> gcc's standard behaviour)
>>
>> Using this specfile, I was able to build and run the OpenSSL command line tools
>> (which seem to be a decent stress-test of a compiler/linker) both as `-static` and
>> as `-static-pie`, as well as building the compiling the following example
>> executable to check that PIE is being applied appropriately (compare the
>> outputs with `-static` vs. `-static-pie` across multiple runs).
>>
>> ```
>> #include <stdio.h>
>>
>> static int static_int = 42;
>> static int *static_ptr = &static_int;
>>
>> int main(int argc, char** argv) {
>> printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr);
>> return 0;
>> }
>> ```
>>
>> Thanks,
>>
>> Andy Caldwell
>>
>> --- PATCH BELOW ---
>>
>> From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001
>> From: Andy Caldwell <andy.caldwell@microsoft.com>
>> Date: Thu, 15 Apr 2021 21:05:38 +0100
>> Subject: [PATCH] Add static-pie support to musl-gcc
>>
>> ---
>> tools/musl-gcc.specs.sh | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
>> index 30492574..0e5a9035 100644
>> --- a/tools/musl-gcc.specs.sh
>> +++ b/tools/musl-gcc.specs.sh
>> @@ -17,13 +17,13 @@ cat <<EOF
>> libgcc.a%s %:if-exists(libgcc_eh.a%s)
>>
>> *startfile:
>> -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>> +%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>>
>> *endfile:
>> crtendS.o%s $libdir/crtn.o
>>
>> *link:
>> --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
>> +%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr}
>>
>> *esp_link:
>>
>>
>
prev parent reply other threads:[~2021-04-16 23:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-15 20:14 Andy Caldwell
2021-04-16 13:29 ` Harald Hoyer
2021-04-16 23:33 ` Fangrui Song [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210416233341.r3puy5jkxzofhupm@gmail.com \
--to=i@maskray.me \
--cc=andy.caldwell@microsoft.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).