testing/rust/static-pie.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

From: Shiz <hi@shiz.me>
Date: Sat, 8 Apr 2017 05:38:00 +0200
Subject: [PATCH] Add support for static PIE executables

Note that static PIE binaries are reported as dynamically linked by
the "file" utility:

    $ rustc -C target-feature=+crt-static hello_world.rb
    $ file hello_world
    ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically \
      linked, not stripped, with debug_info

Also ldd reports that it's linked with ldd:

    $ ldd hello_world
    ldd (0x237fcc81000)

Static PIE binaries are dynamic binaries without a loader or any DT_NEEDED
entries. The important is that they do not depend on libc or any other system
library, just like static binaries, but more secure.

    $ readelf -d hello_world
    Dynamic section at offset 0x2de40 contains 17 entries:
      Tag        Type                         Name/Value
     0x0000000000000010 (SYMBOLIC)           0x0
     0x000000000000000c (INIT)               0x17a0
     0x000000000000000d (FINI)               0x2003c
     0x000000006ffffef5 (GNU_HASH)           0x1c8
     0x0000000000000005 (STRTAB)             0x278
     0x0000000000000006 (SYMTAB)             0x200
     0x000000000000000a (STRSZ)              60 (bytes)
     0x000000000000000b (SYMENT)             24 (bytes)
     0x0000000000000015 (DEBUG)              0x0
     0x0000000000000003 (PLTGOT)             0x22df90
     0x0000000000000007 (RELA)               0x2b8
     0x0000000000000008 (RELASZ)             5352 (bytes)
     0x0000000000000009 (RELAENT)            24 (bytes)
     0x0000000000000018 (BIND_NOW)
     0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     0x000000006ffffff9 (RELACOUNT)          223
     0x0000000000000000 (NULL)               0x0

--- a/src/librustc_back/target/linux_musl_base.rs
+++ b/src/librustc_back/target/linux_musl_base.rs
@@ -22,5 +22,8 @@
     // Except for on MIPS, these targets statically link libc by default.
     base.crt_static_default = true;
 
+    // Static position-independent executables are supported.
+    base.static_position_independent_executables = true;
+
     base
 }
--- a/src/librustc_back/target/mod.rs
+++ b/src/librustc_back/target/mod.rs
@@ -350,6 +350,8 @@
     /// the functions in the executable are not randomized and can be used
     /// during an exploit of a vulnerability in any code.
     pub position_independent_executables: bool,
+    /// As above, but also support for static position independent executables.
+    pub static_position_independent_executables: bool,
     /// Format that archives should be emitted in. This affects whether we use
     /// LLVM to assemble an archive or fall back to the system linker, and
     /// currently only "gnu" is used to fall into LLVM. Unknown strings cause
@@ -434,6 +436,7 @@
             has_rpath: false,
             no_default_libraries: true,
             position_independent_executables: false,
+            static_position_independent_executables: false,
             pre_link_objects_exe: Vec::new(),
             pre_link_objects_dll: Vec::new(),
             post_link_objects: Vec::new(),
--- a/src/librustc_trans/back/link.rs
+++ b/src/librustc_trans/back/link.rs
@@ -840,6 +840,10 @@
 
     let used_link_args = sess.cstore.used_link_args();
 
+    if crate_type == config::CrateTypeExecutable && sess.crt_static() {
+        cmd.static_executable();
+    }
+
     if crate_type == config::CrateTypeExecutable &&
        t.options.position_independent_executables {
         let empty_vec = Vec::new();
@@ -850,7 +854,7 @@
         let relocation_model = sess.opts.cg.relocation_model.as_ref()
                                    .unwrap_or(&empty_str);
         if (t.options.relocation_model == "pic" || *relocation_model == "pic")
-            && !args.any(|x| *x == "-static") {
+            && (t.options.static_position_independent_executables || !args.any(|x| *x == "-static")) {
             cmd.position_independent_executable();
         }
     }
--- a/src/librustc_trans/back/linker.rs
+++ b/src/librustc_trans/back/linker.rs
@@ -82,6 +82,7 @@
     fn add_object(&mut self, path: &Path);
     fn gc_sections(&mut self, keep_metadata: bool);
     fn position_independent_executable(&mut self);
+    fn static_executable(&mut self);
     fn optimize(&mut self);
     fn debuginfo(&mut self);
     fn no_default_libraries(&mut self);
@@ -116,6 +117,7 @@
     fn output_filename(&mut self, path: &Path) { self.cmd.arg("-o").arg(path); }
     fn add_object(&mut self, path: &Path) { self.cmd.arg(path); }
     fn position_independent_executable(&mut self) { self.cmd.arg("-pie"); }
+    fn static_executable(&mut self) { self.cmd.arg("-static"); }
     fn args(&mut self, args: &[String]) { self.cmd.args(args); }
 
     fn link_rust_dylib(&mut self, lib: &str, _path: &Path) {
@@ -359,6 +361,10 @@
 
     fn position_independent_executable(&mut self) {
         // noop
+    }
+
+    fn static_executable(&mut self) {
+        self.cmd.arg("-MT");
     }
 
     fn no_default_libraries(&mut self) {