mailing list of musl libc
 help / color / mirror / Atom feed
* [musl] [PATCH] Add static-pie support to musl-gcc
@ 2021-04-15 20:14 Andy Caldwell
  2021-04-16 13:29 ` Harald Hoyer
  0 siblings, 1 reply; 3+ messages in thread
From: Andy Caldwell @ 2021-04-15 20:14 UTC (permalink / raw)
  To: musl

Hello all,

I've been using musl as the libc backend for rustc for various and  I also wanted
to build some C executables against musl (using the `musl-gcc` wrapper since I'm
compiling on Ubuntu/Centos).  For various (security and other) reasons we want
to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't
handle that flag.  I found https://www.openwall.com/lists/musl/2019/05/28/1
which seemed like a good start, but also seems to have stalled.

Starting from that patch, I've applied the various suggestions in the following
emails in the thread (adding `-z text` and handling `-eh-frame-hdr`).  I've also
make a few other changes:

 * Pass `-pie` to the linker when `-static-pie` is requested (this might be
   passed automatically if gcc was built `-default-pie` but it doesn't hurt to
   pass it in and it's certainly needed in some cases)
 * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's
   gcc's standard behaviour)

Using this specfile, I was able to build and run the OpenSSL command line tools
(which seem to be a decent stress-test of a compiler/linker) both as `-static` and
as `-static-pie`, as well as building the compiling the following example
executable to check that PIE is being applied appropriately (compare the
outputs with `-static` vs. `-static-pie` across multiple runs).

```
#include <stdio.h>

static int static_int = 42;
static int *static_ptr = &static_int;

int main(int argc, char** argv) {
  printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr);
  return 0;
}
```

Thanks,

Andy Caldwell

--- PATCH BELOW ---

From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001
From: Andy Caldwell <andy.caldwell@microsoft.com>
Date: Thu, 15 Apr 2021 21:05:38 +0100
Subject: [PATCH] Add static-pie support to musl-gcc
 
---
 tools/musl-gcc.specs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 
diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
index 30492574..0e5a9035 100644
--- a/tools/musl-gcc.specs.sh
+++ b/tools/musl-gcc.specs.sh
@@ -17,13 +17,13 @@ cat <<EOF
 libgcc.a%s %:if-exists(libgcc_eh.a%s)
 
 *startfile:
-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
 
 *endfile:
 crtendS.o%s $libdir/crtn.o
 
 *link:
--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
+%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr}
 
 *esp_link:
 
-- 
2.31.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [musl] [PATCH] Add static-pie support to musl-gcc
  2021-04-15 20:14 [musl] [PATCH] Add static-pie support to musl-gcc Andy Caldwell
@ 2021-04-16 13:29 ` Harald Hoyer
  2021-04-16 23:33   ` Fangrui Song
  0 siblings, 1 reply; 3+ messages in thread
From: Harald Hoyer @ 2021-04-16 13:29 UTC (permalink / raw)
  To: Andy Caldwell, musl

Yeah, I have been suggesting this, too <https://www.openwall.com/lists/musl/2020/04/07/2>.

Final suggestion was:

 tools/musl-gcc.specs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 tools/musl-gcc.specs.sh

diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
old mode 100644
new mode 100755
index 30492574..ed584ed3
--- a/tools/musl-gcc.specs.sh
+++ b/tools/musl-gcc.specs.sh
@@ -17,13 +17,13 @@ cat <<EOF
 libgcc.a%s %:if-exists(libgcc_eh.a%s)

 *startfile:
-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+%{shared:;static-pie:$libdir/rcrt1.o; :$libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s

 *endfile:
 crtendS.o%s $libdir/crtn.o

 *link:
--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
+-dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker}
%{rdynamic:-export-dynamic}

 *esp_link:



Am 15.04.21 um 22:14 schrieb Andy Caldwell:
> Hello all,
> 
> I've been using musl as the libc backend for rustc for various and  I also wanted
> to build some C executables against musl (using the `musl-gcc` wrapper since I'm
> compiling on Ubuntu/Centos).  For various (security and other) reasons we want
> to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't
> handle that flag.  I found https://www.openwall.com/lists/musl/2019/05/28/1
> which seemed like a good start, but also seems to have stalled.
> 
> Starting from that patch, I've applied the various suggestions in the following
> emails in the thread (adding `-z text` and handling `-eh-frame-hdr`).  I've also
> make a few other changes:
> 
>  * Pass `-pie` to the linker when `-static-pie` is requested (this might be
>    passed automatically if gcc was built `-default-pie` but it doesn't hurt to
>    pass it in and it's certainly needed in some cases)
>  * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's
>    gcc's standard behaviour)
> 
> Using this specfile, I was able to build and run the OpenSSL command line tools
> (which seem to be a decent stress-test of a compiler/linker) both as `-static` and
> as `-static-pie`, as well as building the compiling the following example
> executable to check that PIE is being applied appropriately (compare the
> outputs with `-static` vs. `-static-pie` across multiple runs).
> 
> ```
> #include <stdio.h>
> 
> static int static_int = 42;
> static int *static_ptr = &static_int;
> 
> int main(int argc, char** argv) {
>   printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr);
>   return 0;
> }
> ```
> 
> Thanks,
> 
> Andy Caldwell
> 
> --- PATCH BELOW ---
> 
> From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001
> From: Andy Caldwell <andy.caldwell@microsoft.com>
> Date: Thu, 15 Apr 2021 21:05:38 +0100
> Subject: [PATCH] Add static-pie support to musl-gcc
>  
> ---
>  tools/musl-gcc.specs.sh | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  
> diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
> index 30492574..0e5a9035 100644
> --- a/tools/musl-gcc.specs.sh
> +++ b/tools/musl-gcc.specs.sh
> @@ -17,13 +17,13 @@ cat <<EOF
>  libgcc.a%s %:if-exists(libgcc_eh.a%s)
>  
>  *startfile:
> -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
> +%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>  
>  *endfile:
>  crtendS.o%s $libdir/crtn.o
>  
>  *link:
> --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
> +%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr}
>  
>  *esp_link:
>  
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [musl] [PATCH] Add static-pie support to musl-gcc
  2021-04-16 13:29 ` Harald Hoyer
@ 2021-04-16 23:33   ` Fangrui Song
  0 siblings, 0 replies; 3+ messages in thread
From: Fangrui Song @ 2021-04-16 23:33 UTC (permalink / raw)
  To: musl; +Cc: Andy Caldwell

On 2021-04-16, Harald Hoyer wrote:
>Yeah, I have been suggesting this, too <https://www.openwall.com/lists/musl/2020/04/07/2>.
>
>Final suggestion was:
>
> tools/musl-gcc.specs.sh | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> mode change 100644 => 100755 tools/musl-gcc.specs.sh
>
>diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
>old mode 100644
>new mode 100755
>index 30492574..ed584ed3
>--- a/tools/musl-gcc.specs.sh
>+++ b/tools/musl-gcc.specs.sh
>@@ -17,13 +17,13 @@ cat <<EOF
> libgcc.a%s %:if-exists(libgcc_eh.a%s)
>
> *startfile:
>-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>+%{shared:;static-pie:$libdir/rcrt1.o; :$libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>
> *endfile:
> crtendS.o%s $libdir/crtn.o
>
> *link:
>--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
>+-dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker}
>%{rdynamic:-export-dynamic}
>
> *esp_link:

If there is a change, will be good to restrict the --dynamic-linker
option to !shared !static !static-pie only.

>
>Am 15.04.21 um 22:14 schrieb Andy Caldwell:
>> Hello all,
>>
>> I've been using musl as the libc backend for rustc for various and  I also wanted
>> to build some C executables against musl (using the `musl-gcc` wrapper since I'm
>> compiling on Ubuntu/Centos).  For various (security and other) reasons we want
>> to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't
>> handle that flag.  I found https://www.openwall.com/lists/musl/2019/05/28/1
>> which seemed like a good start, but also seems to have stalled.
>>
>> Starting from that patch, I've applied the various suggestions in the following
>> emails in the thread (adding `-z text` and handling `-eh-frame-hdr`).  I've also
>> make a few other changes:
>>
>>  * Pass `-pie` to the linker when `-static-pie` is requested (this might be
>>    passed automatically if gcc was built `-default-pie` but it doesn't hurt to
>>    pass it in and it's certainly needed in some cases)
>>  * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's
>>    gcc's standard behaviour)
>>
>> Using this specfile, I was able to build and run the OpenSSL command line tools
>> (which seem to be a decent stress-test of a compiler/linker) both as `-static` and
>> as `-static-pie`, as well as building the compiling the following example
>> executable to check that PIE is being applied appropriately (compare the
>> outputs with `-static` vs. `-static-pie` across multiple runs).
>>
>> ```
>> #include <stdio.h>
>>
>> static int static_int = 42;
>> static int *static_ptr = &static_int;
>>
>> int main(int argc, char** argv) {
>>   printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr);
>>   return 0;
>> }
>> ```
>>
>> Thanks,
>>
>> Andy Caldwell
>>
>> --- PATCH BELOW ---
>>
>> From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001
>> From: Andy Caldwell <andy.caldwell@microsoft.com>
>> Date: Thu, 15 Apr 2021 21:05:38 +0100
>> Subject: [PATCH] Add static-pie support to musl-gcc
>>
>> ---
>>  tools/musl-gcc.specs.sh | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
>> index 30492574..0e5a9035 100644
>> --- a/tools/musl-gcc.specs.sh
>> +++ b/tools/musl-gcc.specs.sh
>> @@ -17,13 +17,13 @@ cat <<EOF
>>  libgcc.a%s %:if-exists(libgcc_eh.a%s)
>>
>>  *startfile:
>> -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>> +%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>>
>>  *endfile:
>>  crtendS.o%s $libdir/crtn.o
>>
>>  *link:
>> --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
>> +%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr}
>>
>>  *esp_link:
>>
>>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-04-16 23:33 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-15 20:14 [musl] [PATCH] Add static-pie support to musl-gcc Andy Caldwell
2021-04-16 13:29 ` Harald Hoyer
2021-04-16 23:33   ` Fangrui Song

mailing list of musl libc

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/musl

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 musl musl/ http://inbox.vuxu.org/musl \
		musl@inbox.vuxu.org
	public-inbox-index musl

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.musl


code repositories for the project(s) associated with this inbox:

	https://git.vuxu.org/mirror/musl/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git