From owner-svn-src-all@freebsd.org Thu Sep 26 18:56:43 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1003B131737; Thu, 26 Sep 2019 18:56:43 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46fPKk6fgtz3L7X; Thu, 26 Sep 2019 18:56:42 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C360E4C33; Thu, 26 Sep 2019 18:56:42 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x8QIugdA078682; Thu, 26 Sep 2019 18:56:42 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x8QIuf6Y078677; Thu, 26 Sep 2019 18:56:41 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201909261856.x8QIuf6Y078677@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Thu, 26 Sep 2019 18:56:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r352769 - in releng/12.1: share/mk tools/build/options X-SVN-Group: releng X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: in releng/12.1: share/mk tools/build/options X-SVN-Commit-Revision: 352769 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Sep 2019 18:56:43 -0000 Author: emaste Date: Thu Sep 26 18:56:41 2019 New Revision: 352769 URL: https://svnweb.freebsd.org/changeset/base/352769 Log: MFS r352752: Add a WITH_BIND_NOW build knob MFC r340186: Add a WITH_BIND_NOW build knob The linker's -z now flag sets the DF_BIND_NOW flag, which signals to the runtime loader that all relocation processing should be performed at process startup rather than on demand. In combination with lld's default of enabling relro this causes the GOT to be made read-only when the process starts, preventing straightforward GOT overwrite attacks. MFC r341429: disable BIND_NOW in libc, libthr, and rtld An issue remains with BIND_NOW and processes using threads. For now, restore libc's BIND_NOW disable, and also disable BIND_NOW in rtld and libthr. MFC r345625: revert r341429 "disable BIND_NOW in libc, libthr, and rtld" r345620 by kib@ fixed the rtld issue that caused a crash at startup during resolution of libc's ifuncs with BIND_NOW. MFC r345638: Revert change accidentally committed along with r345625 MFC r345640: Revert other accidentally committed part of r345625 Approved by: re (gjb) Sponsored by: The FreeBSD Foundation Added: releng/12.1/tools/build/options/WITHOUT_BIND_NOW - copied unchanged from r352752, stable/12/tools/build/options/WITHOUT_BIND_NOW releng/12.1/tools/build/options/WITH_BIND_NOW - copied unchanged from r352752, stable/12/tools/build/options/WITH_BIND_NOW Modified: releng/12.1/share/mk/bsd.lib.mk releng/12.1/share/mk/bsd.opts.mk releng/12.1/share/mk/bsd.prog.mk Directory Properties: releng/12.1/ (props changed) Modified: releng/12.1/share/mk/bsd.lib.mk ============================================================================== --- releng/12.1/share/mk/bsd.lib.mk Thu Sep 26 18:37:58 2019 (r352768) +++ releng/12.1/share/mk/bsd.lib.mk Thu Sep 26 18:56:41 2019 (r352769) @@ -69,6 +69,10 @@ TAGS+= package=${PACKAGE:Uruntime} TAG_ARGS= -T ${TAGS:[*]:S/ /,/g} .endif +# ELF hardening knobs +.if ${MK_BIND_NOW} != "no" +LDFLAGS+= -Wl,-znow +.endif .if ${MK_RETPOLINE} != "no" CFLAGS+= -mretpoline CXXFLAGS+= -mretpoline Modified: releng/12.1/share/mk/bsd.opts.mk ============================================================================== --- releng/12.1/share/mk/bsd.opts.mk Thu Sep 26 18:37:58 2019 (r352768) +++ releng/12.1/share/mk/bsd.opts.mk Thu Sep 26 18:56:41 2019 (r352769) @@ -69,6 +69,7 @@ __DEFAULT_YES_OPTIONS = \ WARNS __DEFAULT_NO_OPTIONS = \ + BIND_NOW \ CCACHE_BUILD \ CTF \ INSTALL_AS_USER \ Modified: releng/12.1/share/mk/bsd.prog.mk ============================================================================== --- releng/12.1/share/mk/bsd.prog.mk Thu Sep 26 18:37:58 2019 (r352768) +++ releng/12.1/share/mk/bsd.prog.mk Thu Sep 26 18:56:41 2019 (r352769) @@ -34,6 +34,10 @@ PROG= ${PROG_CXX} MK_DEBUG_FILES= no .endif +# ELF hardening knobs +.if ${MK_BIND_NOW} != "no" +LDFLAGS+= -Wl,-znow +.endif .if ${MK_PIE} != "no" && (!defined(NO_SHARED) || ${NO_SHARED:tl} == "no") CFLAGS+= -fPIE CXXFLAGS+= -fPIE Copied: releng/12.1/tools/build/options/WITHOUT_BIND_NOW (from r352752, stable/12/tools/build/options/WITHOUT_BIND_NOW) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/12.1/tools/build/options/WITHOUT_BIND_NOW Thu Sep 26 18:56:41 2019 (r352769, copy of r352752, stable/12/tools/build/options/WITHOUT_BIND_NOW) @@ -0,0 +1,5 @@ +.\" $FreeBSD$ +Do not build all binaries with the +.Dv DF_BIND_NOW +flag set. +Run-time relocation processing will be performed on demand. Copied: releng/12.1/tools/build/options/WITH_BIND_NOW (from r352752, stable/12/tools/build/options/WITH_BIND_NOW) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/12.1/tools/build/options/WITH_BIND_NOW Thu Sep 26 18:56:41 2019 (r352769, copy of r352752, stable/12/tools/build/options/WITH_BIND_NOW) @@ -0,0 +1,5 @@ +.\" $FreeBSD$ +Build all binaries with the +.Dv DF_BIND_NOW +flag set to indicate that the run-time loader should perform all relocation +processing at process startup rather than on demand.