1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
From: Shiz <hi@shiz.me>
Last-Updated: Sun, 20 May 2018 00:05:00 +0200
Subject: [PATCH] Add support for static PIE executables
Note that static PIE binaries are reported as dynamically linked by file(1):
$ rustc -C target-feature=+crt-static hello_world.rb
$ file hello_world
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically \
linked, not stripped, with debug_info
In addition, ldd(1) reports that it's linked with ldd, as it can't find any
dependencies except itself loaded into the process:
$ ldd hello_world
ldd (0x237fcc81000)
Static PIE binaries are dynamic binaries without a loader or any DT_NEEDED
entries. The important is that they do not depend on libc or any other system
library, just like static binaries, but more secure.
$ readelf -d hello_world
Dynamic section at offset 0x2de40 contains 17 entries:
Tag Type Name/Value
0x0000000000000010 (SYMBOLIC) 0x0
0x000000000000000c (INIT) 0x17a0
0x000000000000000d (FINI) 0x2003c
0x000000006ffffef5 (GNU_HASH) 0x1c8
0x0000000000000005 (STRTAB) 0x278
0x0000000000000006 (SYMTAB) 0x200
0x000000000000000a (STRSZ) 60 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0x22df90
0x0000000000000007 (RELA) 0x2b8
0x0000000000000008 (RELASZ) 5352 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x0000000000000018 (BIND_NOW)
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000006ffffff9 (RELACOUNT) 223
0x0000000000000000 (NULL) 0x0
--- a/src/librustc_target/spec/linux_musl_base.rs
+++ b/src/librustc_target/spec/linux_musl_base.rs
@@ -25,5 +25,8 @@
// These targets allow the user to choose between static and dynamic linking.
base.crt_static_respected = true;
+ // Static position-independent executables are supported.
+ base.static_position_independent_executables = true;
+
base
}
--- a/src/librustc_target/spec/mod.rs
+++ b/src/librustc_target/spec/mod.rs
@@ -388,6 +388,8 @@
/// the functions in the executable are not randomized and can be used
/// during an exploit of a vulnerability in any code.
pub position_independent_executables: bool,
+ /// As above, but also support for static position independent executables.
+ pub static_position_independent_executables: bool,
/// Either partial, full, or off. Full RELRO makes the dynamic linker
/// resolve all symbols at startup and marks the GOT read-only before
/// starting the program, preventing overwriting the GOT.
@@ -519,7 +519,8 @@
has_rpath: false,
no_default_libraries: true,
position_independent_executables: false,
+ static_position_independent_executables: false,
relro_level: RelroLevel::None,
pre_link_objects_exe: Vec::new(),
pre_link_objects_dll: Vec::new(),
post_link_objects: Vec::new(),
--- a/src/librustc_codegen_llvm/back/link.rs
+++ b/src/librustc_codegen_llvm/back/link.rs
@@ -994,13 +994,9 @@
let mut position_independent_executable = false;
if t.options.position_independent_executables {
- let empty_vec = Vec::new();
- let args = sess.opts.cg.link_args.as_ref().unwrap_or(&empty_vec);
- let more_args = &sess.opts.cg.link_arg;
- let mut args = args.iter().chain(more_args.iter()).chain(used_link_args.iter());
-
+ let static_pie = t.options.static_position_independent_executables;
if get_reloc_model(sess) == llvm::RelocMode::PIC
- && !sess.crt_static() && !args.any(|x| *x == "-static") {
+ && (!sess.crt_static() || static_pie) {
position_independent_executable = true;
}
}
--- a/src/librustc_target/spec/mod.rs
+++ b/src/librustc_target/spec/mod.rs
@@ -778,7 +778,8 @@
key!(has_rpath, bool);
key!(no_default_libraries, bool);
key!(position_independent_executables, bool);
+ key!(static_position_independent_executables, bool);
try!(key!(relro_level, RelroLevel));
key!(archive_format);
key!(allow_asm, bool);
key!(custom_unwind_resume, bool);
@@ -981,7 +981,8 @@
target_option_val!(has_rpath);
target_option_val!(no_default_libraries);
target_option_val!(position_independent_executables);
+ target_option_val!(static_position_independent_executables);
target_option_val!(relro_level);
target_option_val!(archive_format);
target_option_val!(allow_asm);
target_option_val!(custom_unwind_resume);
|