Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID:
 <AM7PR83MB04183F89D57C602B2A42B2DDE54D9@AM7PR83MB0418.EURPRD83.prod.outlook.com>
Date: Thu, 15 Apr 2021 20:14:09 +0000
From: Andy Caldwell <andy.caldwell@...rosoft.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: [PATCH] Add static-pie support to musl-gcc

Hello all,

I've been using musl as the libc backend for rustc for various and  I also wanted
to build some C executables against musl (using the `musl-gcc` wrapper since I'm
compiling on Ubuntu/Centos).  For various (security and other) reasons we want
to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't
handle that flag.  I found https://www.openwall.com/lists/musl/2019/05/28/1
which seemed like a good start, but also seems to have stalled.

Starting from that patch, I've applied the various suggestions in the following
emails in the thread (adding `-z text` and handling `-eh-frame-hdr`).  I've also
make a few other changes:

 * Pass `-pie` to the linker when `-static-pie` is requested (this might be
   passed automatically if gcc was built `-default-pie` but it doesn't hurt to
   pass it in and it's certainly needed in some cases)
 * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's
   gcc's standard behaviour)

Using this specfile, I was able to build and run the OpenSSL command line tools
(which seem to be a decent stress-test of a compiler/linker) both as `-static` and
as `-static-pie`, as well as building the compiling the following example
executable to check that PIE is being applied appropriately (compare the
outputs with `-static` vs. `-static-pie` across multiple runs).

```
#include <stdio.h>

static int static_int = 42;
static int *static_ptr = &static_int;

int main(int argc, char** argv) {
  printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr);
  return 0;
}
```

Thanks,

Andy Caldwell

--- PATCH BELOW ---

>From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001
From: Andy Caldwell <andy.caldwell@...rosoft.com>
Date: Thu, 15 Apr 2021 21:05:38 +0100
Subject: [PATCH] Add static-pie support to musl-gcc
 
---
 tools/musl-gcc.specs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 
diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
index 30492574..0e5a9035 100644
--- a/tools/musl-gcc.specs.sh
+++ b/tools/musl-gcc.specs.sh
@@ -17,13 +17,13 @@ cat <<EOF
 libgcc.a%s %:if-exists(libgcc_eh.a%s)
 
 *startfile:
-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
 
 *endfile:
 crtendS.o%s $libdir/crtn.o
 
 *link:
--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
+%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr}
 
 *esp_link:
 
-- 
2.31.1

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.