Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 29 May 2019 23:17:27 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] fix musl-gcc.specs.sh to correctly handle
 -static-pie

On Tue, May 28, 2019 at 10:19:18PM +0200, Ferdi265 wrote:
> Hello,
> 
> Today I wanted to use musl-gcc to build -static-pie binaries. I noticed
> that this does not work (musl-libc is still linked as a shared library
> and is also still requested as an interpreter).
> 
> Looking into the musl-gcc.specs file the bug was obvious: rcrt1.o was
> not used as a startfile, and neither -no-dynamic-linker nor -static were
> passed to the linker.
> 
> This patch fixes this by actually using rcrt1.o and passing the linker
> options when -static-pie is given.
> 
> I don't have much experience with the specifics of gcc .spec files and
> which options need to be passed, but this seems to work with all
> variations of -shared, -static, and -static-pie that I've tried.
> 
> Here (https://github.com/Ferdi265/musl) is the repository with the patch
> on GitHub, and I've also attached the patch below.
> 
> Greetings,
> Ferdinand "Ferdi265" Bachmann
> 
> --- PATCH BELOW ---
> 
> From 070bce8f7e508a951d3b65da227b2fca3a65f37b Mon Sep 17 00:00:00 2001
> From: Ferdinand Bachmann <theferdi265@...il.com>
> Date: Tue, 28 May 2019 21:53:25 +0200
> Subject: [PATCH] fix musl-gcc.specs.sh to correctly handle -static-pie
> 
> ---
>  tools/musl-gcc.specs.sh | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/musl-gcc.specs.sh b/tools/musl-gcc.specs.sh
> index 30492574..7206cb25 100644
> --- a/tools/musl-gcc.specs.sh
> +++ b/tools/musl-gcc.specs.sh
> @@ -17,13 +17,13 @@ cat <<EOF
>  libgcc.a%s %:if-exists(libgcc_eh.a%s)
> 
>  *startfile:
> -%{!shared: $libdir/Scrt1.o} $libdir/crti.o crtbeginS.o%s
> +%{static-pie: $libdir/rcrt1.o} %{!static-pie: %{!shared:
> $libdir/Scrt1.o}} $libdir/crti.o crtbeginS.o%s
> 
>  *endfile:
>  crtendS.o%s $libdir/crtn.o
> 
>  *link:
> --dynamic-linker $ldso -nostdlib %{shared:-shared} %{static:-static}
> %{rdynamic:-export-dynamic}
> +%{static-pie:-no-dynamic-linker -static} %{!static-pie:-dynamic-linker
> $ldso} -nostdlib %{shared:-shared} %{static:-static}
> %{rdynamic:-export-dynamic}
> 
>  *esp_link:
> 

This looks okay-ish, but could be improved. GCC spec syntax doesn't
require separate static-pie and !static-pie conditions; it supports
"else" with notation:

	%{static-pie:-no-dynamic-linker -static;-dynamic-linker $ldso}

There's also the question of whether we should make -static -pie work
like it's intended to by us, or like gcc does it upstream (ignoring
-pie). I think it's hard to duplicate the behavior we want since it
depends on knowing if the compiler was built as default-pie, so the
way you've done it is probably the best we can easily do, and at least
non-broken.

Anyone else have comments on this?

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.