Date: Tue, 30 Apr 2013 21:36:58 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: PIE on x86_64

Hi,

On Fri, Apr 26, 2013 at 21:48 -0400, Rich Felker wrote:
> On Sat, Apr 27, 2013 at 02:14:05AM +0800, Pavel Labushev wrote:
> > On Fri, 12 Apr 2013 22:26:58 +0400
> > Solar Designer <solar@...nwall.com> wrote:
> > 
> > > > What are your reasons not to link executables as ET_DYN, even though
> > > > the target CPU architecture is PC-relative?
> > > 
> > > I think we should start doing that, and benchmark to make sure there's
> > > no unexpected performance drop.  Vasily?
> > 
> > And silence was the answer... Is it too much work? You could make -fpie
> > and the other hardening flags compiler's built-in defaults, like it is
> > done in Hardened Gentoo. It may be simpler and more robust than
> > tweaking specs of every package and would set more secure defaults for
> > anything that users might compile.
> 
> Unfortunately changing the compiler defaults can break things in
> subtle ways. The most common breakage I'm aware of from making pie the
> default occurs in packages with assembler source files that are
> written in non-pic-compatible ways. These will turn into TEXTRELs in
> the pie binary, which depending on the arch, may just result in heavy
> runtime bloat (e.g. on 32-bit x86) or produce an error at link time
> (e.g. on x86_64). I seem to recall a user running into this issue in
> OpenSSL...

I've tried to enable PIE by default and disable it on -static, etc.

The patch is based on this one:

http://ftp.osuosl.org/pub/lfs/hlfs-packages/unstable/gcc-4.1.2-fpie-2.patch

There were several failures: vim, owl-startup.  They need pic-enabled .a
files.  World rebuild fixes these errors.

The only package which fails to build as-is on x86_64 is the kernel.
The -D__KERNEL__ check is present, though.  Will try to figure it out
(likely, tomorrow).

I caught no failures on syslinux or lilo.

Some binary files in $PATH still miss DYN Type, will fix this too.


Thanks,

-- 
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments

diff -uNp -r gcc-4.6.3.orig/gcc/config/gnu-user.h gcc-4.6.3/gcc/config/gnu-user.h
--- gcc-4.6.3.orig/gcc/config/gnu-user.h	2011-01-12 14:29:14 +0000
+++ gcc-4.6.3/gcc/config/gnu-user.h	2013-04-30 15:52:37 +0000
@@ -43,8 +43,8 @@ see the files COPYING3 and COPYING.RUNTI
    
 #if defined HAVE_LD_PIE
 #define GNU_USER_TARGET_STARTFILE_SPEC \
-  "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
+  "%{!shared: %{pg|p|profile:gcrt1.o%s;static|nopie:crt1.o%s;:Scrt1.o%s}} \
+   crti.o%s %{static:crtbeginT.o%s;nopie:crtbegin.o%s;:crtbeginS.o%s}"
 #else
 #define GNU_USER_TARGET_STARTFILE_SPEC \
   "%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \
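Review bot: The opt-out keys on the new STARTFILE_SPEC lines (`static|nopie`) are narrower than the set LINK_PIE_SPEC uses in the gcc.c hunk, so a link with `-fno-pie` drops `-pie` there but still starts from Scrt1.o and crtbeginS.o here, while `-pg` keeps gcrt1.o and is linked with `-pie`. Using the same keys on both lines keeps startfiles and link mode in step: `%{pg|p|profile:gcrt1.o%s;static|nopie|fno-PIE|fno-pie:crt1.o%s;:Scrt1.o%s}` and `%{static:crtbeginT.o%s;nopie|fno-PIE|fno-pie:crtbegin.o%s;:crtbeginS.o%s}`. Nothing in this patch declares `nopie` as a driver option; unless it is defined elsewhere, the driver will presumably reject `-nopie` as unrecognized before these specs see it. The `.gnu-user.h.swp` line that follows this hunk is an editor swap file that leaked into the diff and should be dropped before the patch is applied.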
Двоичные файлы gcc-4.6.3.orig/gcc/config/.gnu-user.h.swp и gcc-4.6.3/gcc/config/.gnu-user.h.swp различаются
diff -uNp -r gcc-4.6.3.orig/gcc/config/i386/linux64.h gcc-4.6.3/gcc/config/i386/linux64.h
--- gcc-4.6.3.orig/gcc/config/i386/linux64.h	2011-09-08 09:12:35 +0000
+++ gcc-4.6.3/gcc/config/i386/linux64.h	2013-04-30 15:01:44 +0000
@@ -94,7 +94,8 @@ see the files COPYING3 and COPYING.RUNTI
    %{mpc32:crtprec32.o%s} \
    %{mpc64:crtprec64.o%s} \
    %{mpc80:crtprec80.o%s} \
-   %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
+   %{shared|pie:crtendS.o%s;static|nopie|pg|p|profile:crtend.o%s;:crtendS.o%s} \
+   crtn.o%s"
 
 #if TARGET_64BIT_DEFAULT
 #define MULTILIB_DEFAULTS { "m64" }
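Review bot: The new ENDFILE_SPEC line selects the non-PIE crtend.o for `pg|p|profile`, but LINK_PIE_SPEC in the gcc.c hunk does not exclude those keys, so a `-pg` link pairs crtend.o with `-pie`; conversely `-fno-PIE`/`-fno-pie` remove `-pie` there yet still pick crtendS.o here. Either add `pg|p|profile` to the LINK_PIE_SPEC exclusions or drop them from this key and add the `-fno-pie` spellings instead: `%{shared|pie:crtendS.o%s;static|nopie|fno-PIE|fno-pie:crtend.o%s;:crtendS.o%s} \`. The same applies to the identical linux.h hunk below.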
diff -uNp -r gcc-4.6.3.orig/gcc/config/i386/linux.h gcc-4.6.3/gcc/config/i386/linux.h
--- gcc-4.6.3.orig/gcc/config/i386/linux.h	2011-09-08 09:12:35 +0000
+++ gcc-4.6.3/gcc/config/i386/linux.h	2013-04-30 15:00:32 +0000
@@ -118,7 +118,8 @@ along with GCC; see the file COPYING3.
    %{mpc32:crtprec32.o%s} \
    %{mpc64:crtprec64.o%s} \
    %{mpc80:crtprec80.o%s} \
-   %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
+   %{shared|pie:crtendS.o%s;static|nopie|pg|p|profile:crtend.o%s;:crtendS.o%s} \
+   crtn.o%s"
 
 /* A C statement (sans semicolon) to output to the stdio stream
    FILE the assembler definition of uninitialized global DECL named
diff -uNp -r gcc-4.6.3.orig/gcc/doc/invoke.texi gcc-4.6.3/gcc/doc/invoke.texi
--- gcc-4.6.3.orig/gcc/doc/invoke.texi	2012-01-03 16:43:38 +0000
+++ gcc-4.6.3/gcc/doc/invoke.texi	2013-04-30 13:55:50 +0000
@@ -9213,6 +9213,11 @@ For example, @samp{-Wl,-Map,output.map}
 linker.  When using the GNU linker, you can also get the same effect with
 @samp{-Wl,-Map=output.map}.
 
+On Openwall GNU/*/Linux (and some other systems), the options
+@...ion{-Wl,-z,relro} and @option{-Wl,-z,now} are assumed by default.
+To disable these, you may use @option{-Wl,-z,norelro} and
+@...ion{-Wl,-z,lazy}, respectively.
+
 @item -u @var{symbol}
 @opindex u
 Pretend the symbol @var{symbol} is undefined, to force linking of
diff -uNp -r gcc-4.6.3.orig/gcc/gcc.c gcc-4.6.3/gcc/gcc.c
--- gcc-4.6.3.orig/gcc/gcc.c	2011-02-23 02:04:43 +0000
+++ gcc-4.6.3/gcc/gcc.c	2013-04-30 14:11:43 +0000
@@ -609,7 +609,9 @@ proper position among the other output f
 
 #ifndef LINK_PIE_SPEC
 #ifdef HAVE_LD_PIE
-#define LINK_PIE_SPEC "%{pie:-pie} "
+#define LINK_PIE_SPEC \
+    "%{!nopie: %{!static: %{!A: %{!shared: %{!nostdlib: %{!nostartfiles:" \
+    "%{!fno-PIE: %{!fno-pie: -pie} } } } } } } } %{pie: -pie}"
 #else
 #define LINK_PIE_SPEC "%{pie:} "
 #endif
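Review bot: The switches that suppress `-pie` here differ from those that suppress `-fPIE` in the cc1_spec hunk further down (`-D__KERNEL__`, `-fno-PIC`, `-fno-pic`, `-fPIC`, `-fpic` only there; `-A` only here), and because compiling and linking are normally separate driver invocations, an opt-out given only at compile time (say `-fno-pic`) is never seen by this spec, so the non-PIC objects are still linked with `-pie` and on x86_64 hit the link-time relocation error the quoted mail describes. Consider defining the negation chain once as a function-like macro that takes the payload (`-pie` or `-fPIE`) and using it from both LINK_PIE_SPEC and cc1_spec, so the two lists cannot drift apart. The trailing `%{pie: -pie}` also emits `-pie` twice when `-pie` is given explicitly and no opt-out key is present; harmless for ld, but worth a comment if intentional.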
@@ -657,6 +659,8 @@ proper position among the other output f
     }"PLUGIN_COND_CLOSE" \
     %{flto|flto=*:%<fcompare-debug*} \
     %{flto} %{flto=*} %l " LINK_PIE_SPEC \
+   " -z relro "\
+   " -z now "\
    "%X %{o*} %{e*} %{N} %{n} %{r}\
     %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}}\
     %{static:} %{L*} %(mfwrap) %(link_libgcc) %o\
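Review bot: `-z relro -z now` are now passed on every link, including relocatable links requested with `-r` (the `%{r}` on the line after the insertion) and `-nostdlib` ones; the linker presumably ignores relro/now for `-r` output, but guarding them as `%{!r: -z relro -z now}` makes the intent explicit instead of depending on that. Emitting them before `%X` does let a user's `-Wl,-z,lazy` or `-Wl,-z,norelro` come later on the command line and take precedence, which is what the invoke.texi hunk promises, so that ordering is consistent.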
@@ -690,7 +694,10 @@ proper position among the other output f
 
 static const char *asm_debug;
 static const char *cpp_spec = CPP_SPEC;
-static const char *cc1_spec = CC1_SPEC;
+static const char *cc1_spec = CC1_SPEC " " \
+    "%{!D__KERNEL__: %{!static: %{!fno-PIC: %{!fno-pic: %{!shared:" \
+    "%{!nostdlib: %{!nostartfiles: %{!fno-PIE: %{!fno-pie: %{!nopie:" \
+    "%{!fPIC: %{!fpic:-fPIE} } } } } } } } } } } }";
 static const char *cc1plus_spec = CC1PLUS_SPEC;
 static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
 static const char *link_ssp_spec = LINK_SSP_SPEC;
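Review bot: `%{!D__KERNEL__:` matches only the exact joined switch `-D__KERNEL__`; a build that passes `-D __KERNEL__` as two arguments or `-D__KERNEL__=1` does not match and still receives `-fPIE`, which may be part of the x86_64 kernel failure the mail reports as unexplained. The x86_64 kernel also passes `-mcmodel=kernel`, so adding `%{!mcmodel=kernel:` to the chain presumably covers that case without relying on the macro spelling. The backslash continuations after `CC1_SPEC " " \` are unnecessary outside a macro definition, since adjacent string literals already concatenate across lines.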
diff -uNp -r gcc-4.6.3.orig/gcc/Makefile.in gcc-4.6.3/gcc/Makefile.in
--- gcc-4.6.3.orig/gcc/Makefile.in	2011-08-20 07:51:09 +0000
+++ gcc-4.6.3/gcc/Makefile.in	2013-04-30 14:58:22 +0000
@@ -649,7 +649,7 @@ LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES)
 		 $(LIBGCC2_DEBUG_CFLAGS) $(GTHREAD_FLAGS) \
 		 -DIN_LIBGCC2 -D__GCC_FLOAT_NOT_NEEDED \
 		 -fno-stack-protector \
-		 $(INHIBIT_LIBC_CFLAGS)
+		 $(INHIBIT_LIBC_CFLAGS) -fno-PIE
 
 # Additional options to use when compiling libgcc2.a.
 # Some targets override this to -isystem include
@@ -663,7 +663,7 @@ CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(IN
   -finhibit-size-directive -fno-inline -fno-exceptions \
   -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
   -fno-stack-protector \
-  $(INHIBIT_LIBC_CFLAGS)
+  $(INHIBIT_LIBC_CFLAGS) -fno-PIE
 
 # Additional sources to handle exceptions; overridden by targets as needed.
 LIB2ADDEH = $(srcdir)/unwind-dw2.c $(srcdir)/unwind-dw2-fde.c \
