diff options
author | Nick Alcock <nick.alcock@oracle.com> | 2016-12-26 10:08:51 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-12-26 10:08:51 +0100 |
commit | bc174f20b83d19167ecac14ce0762eddbe47cc64 (patch) | |
tree | 0e04ae0e0507b28d468f24e9110ce4880bed2617 | |
parent | 995635f95b707488c23bba07be8016c9682d4045 (diff) | |
download | glibc-bc174f20b83d19167ecac14ce0762eddbe47cc64.tar.gz |
Ignore __stack_chk_fail* in the rtld mapfile computation [BZ #7065]
The previous commit prevented rtld itself from being built with
-fstack-protector, but this is not quite enough. We identify which
objects belong in rtld via a test link and analysis of the resulting
mapfile. That link is necessarily done against objects that are
stack-protected, so drags in __stack_chk_fail_local, __stack_chk_fail,
and all the libc and libio code they use.
To stop this happening, use --defsym in the test librtld.map-production
link to force the linker to predefine these two symbols (to 0, but it
could be to anything). (In a real link, this would of course be
catastrophic, but these object files are never used for anything else.)
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | elf/Makefile | 15 |
2 files changed, 20 insertions, 1 deletions
@@ -1,6 +1,12 @@ 2016-12-26 Nick Alcock <nick.alcock@oracle.com> [BZ #7065] + * elf/Makefile (dummy-stack-chk-fail): New. + (librtld.map): Use it. + +2016-12-26 Nick Alcock <nick.alcock@oracle.com> + + [BZ #7065] Compile the dynamic linker without stack protection. * elf/Makefile (elide-stack-protector): New. (CFLAGS-.os): Use it, eliding $(all-rtld-routines). diff --git a/elf/Makefile b/elf/Makefile index 1e7d7240ef..04d5f0721c 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -386,9 +386,22 @@ $(objpfx)dl-allobjs.os: $(all-rtld-routines:%=$(objpfx)%.os) # are compiled with special flags, and puts these modules into rtld-libc.a # for us. Then we do the real link using rtld-libc.a instead of libc_pic.a. +# If the compiler can do SSP, build the mapfile with dummy __stack_chk_fail +# and __stack_chk_fail_local symbols defined, to prevent the real things +# being dragged into rtld even though rtld is never built with stack- +# protection. + +ifeq ($(have-ssp),yes) +dummy-stack-chk-fail := -Wl,--defsym='__stack_chk_fail=0' \ + -Wl,--defsym='__stack_chk_fail_local=0' +else +dummy-stack-chk-fail := +endif + $(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a @-rm -f $@T - $(reloc-link) -o $@.o '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T + $(reloc-link) -o $@.o $(dummy-stack-chk-fail) \ + '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T rm -f $@.o mv -f $@T $@ |