Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <1ee762f8-94e2-baae-0466-deeab0f884f9@redhat.com>
Date: Fri, 16 Apr 2021 15:29:53 +0200
From: Harald Hoyer <harald@...hat.com>
To: Andy Caldwell <andy.caldwell@...rosoft.com>, musl@...ts.openwall.com
Subject: Re: [PATCH] Add static-pie support to musl-gcc

Yeah, I have been suggesting this, too <https://www.openwall.com/lists/musl/2020/04/07/2>.

Final suggestion was:

 tools/musl-gcc.specs.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 tools/musl-gcc.specs.sh

diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
old mode 100644
new mode 100755
index 30492574..ed584ed3
--- a/tools/musl-gcc.specs.sh
+++ b/tools/musl-gcc.specs.sh
@@ -17,13 +17,13 @@ cat <<EOF
 libgcc.a%s %:if-exists(libgcc_eh.a%s)

 *startfile:
-%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
+%{shared:;static-pie:$libdir/rcrt1.o; :$libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s

 *endfile:
 crtendS.o%s $libdir/crtn.o

 *link:
--dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
+-dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{static-pie:-static -pie --no-dynamic-linker}
%{rdynamic:-export-dynamic}

 *esp_link:



Am 15.04.21 um 22:14 schrieb Andy Caldwell:
> Hello all,
> 
> I've been using musl as the libc backend for rustc for various and  I also wanted
> to build some C executables against musl (using the `musl-gcc` wrapper since I'm
> compiling on Ubuntu/Centos).  For various (security and other) reasons we want
> to build `-static-pie` executables but the existing `musl-gcc.specs` file doesn't
> handle that flag.  I found https://www.openwall.com/lists/musl/2019/05/28/1
> which seemed like a good start, but also seems to have stalled.
> 
> Starting from that patch, I've applied the various suggestions in the following
> emails in the thread (adding `-z text` and handling `-eh-frame-hdr`).  I've also
> make a few other changes:
> 
>  * Pass `-pie` to the linker when `-static-pie` is requested (this might be
>    passed automatically if gcc was built `-default-pie` but it doesn't hurt to
>    pass it in and it's certainly needed in some cases)
>  * Don't pass `-dynamic-linker ...` when `-static` is requested (which mirror's
>    gcc's standard behaviour)
> 
> Using this specfile, I was able to build and run the OpenSSL command line tools
> (which seem to be a decent stress-test of a compiler/linker) both as `-static` and
> as `-static-pie`, as well as building the compiling the following example
> executable to check that PIE is being applied appropriately (compare the
> outputs with `-static` vs. `-static-pie` across multiple runs).
> 
> ```
> #include <stdio.h>
> 
> static int static_int = 42;
> static int *static_ptr = &static_int;
> 
> int main(int argc, char** argv) {
>   printf("main: %p, stack: %p, statics: %p\n", main, &argc, static_ptr);
>   return 0;
> }
> ```
> 
> Thanks,
> 
> Andy Caldwell
> 
> --- PATCH BELOW ---
> 
> From 2953e1dc837cd81cac059ea0fa7b4f7bb11c568a Mon Sep 17 00:00:00 2001
> From: Andy Caldwell <andy.caldwell@...rosoft.com>
> Date: Thu, 15 Apr 2021 21:05:38 +0100
> Subject: [PATCH] Add static-pie support to musl-gcc
>  
> ---
>  tools/musl-gcc.specs.sh | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>  
> diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
> index 30492574..0e5a9035 100644
> --- a/tools/musl-gcc.specs.sh
> +++ b/tools/musl-gcc.specs.sh
> @@ -17,13 +17,13 @@ cat <<EOF
>  libgcc.a%s %:if-exists(libgcc_eh.a%s)
>  
>  *startfile:
> -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
> +%{static-pie: $libdir/rcrt1.o; !shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
>  
>  *endfile:
>  crtendS.o%s $libdir/crtn.o
>  
>  *link:
> --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static} %{rdynamic:-export-dynamic}
> +%{static-pie: -no-dynamic-linker -pie; !static: -dynamic-linker $ldso} -nostdlib -z text %{shared} %{static-pie|static:-static} %{rdynamic:-export-dynamic} %{!static: -eh-frame-hdr}
>  
>  *esp_link:
>  
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.