From owner-freebsd-toolchain@freebsd.org Thu Aug 25 22:50:31 2016 Return-Path: Delivered-To: freebsd-toolchain@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 908F0BC56D3 for ; Thu, 25 Aug 2016 22:50:31 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from nm29-vm1.bullet.mail.bf1.yahoo.com (nm29-vm1.bullet.mail.bf1.yahoo.com [98.139.213.144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4A0B01EB6 for ; Thu, 25 Aug 2016 22:50:31 +0000 (UTC) (envelope-from pfg@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1472165423; bh=GKNRfeb5g1tGX4sRl94pyBnwI76AY8W8PTeKKPKmkeA=; h=To:From:Subject:Date:From:Subject; b=doGUTw8wsLUMdzwRVAScMQ8A4s33HcxlsoNqjm8fuBTdpWeLGb83LZ1h78RGnqTpOpdJa8wFzK3DiFvY6/vKI2ccAal6Gukq9C3MPmGXoAzyCAOOOZEr/HV1yxxUNeCe1Mwkg6GuwwwV++S8Hs7+MgajEOcycZw3giQacSBAvKyJSo4wxyAecECm1SBvtcwsYpqXZZ2iuayi0U+1913ZFK3MJVXk5gSmz/T00ug1I9G21kTXr0iMOtEUqibq+Fd8C19Olzi7MN953bA2BhOREOkx5L01gmd5/QOw5pCePnru/JhwrWbr3oeb2o4AJakgoRXNpJC3JaRc/C3JFKkGjg== Received: from [98.139.170.182] by nm29.bullet.mail.bf1.yahoo.com with NNFMP; 25 Aug 2016 22:50:23 -0000 Received: from [98.139.211.193] by tm25.bullet.mail.bf1.yahoo.com with NNFMP; 25 Aug 2016 22:50:23 -0000 Received: from [127.0.0.1] by smtp202.mail.bf1.yahoo.com with NNFMP; 25 Aug 2016 22:50:23 -0000 X-Yahoo-Newman-Id: 896128.20032.bm@smtp202.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: .5ncuuwVM1kjwRqFRFsqDSjTRBgy_TB301DX590iPFv8pku ok1X_bDPb0MvdxVlkIeTM4I9cg8.GyfZnIJxafF3bxrniKcMVGDkySqpjLTE E6E.tKq2.5AFx4NCCslAblPUvOWAUZcGXkGd8ISSe2SRAXIzsW8EZhzyZKsE YHIs6qSRwoX6NenV0MeQbKQZJUSe3lQcjLv6dgBcqEbbttNbOZJjrCpk.Egn fIPKjiff5XKPYQRYz5ljhyMnojaGlflqZuCzhQZgLuWVxZBOwQvCsB7lomw3 wtgTg5Vuqc4ewsB1EE8bKDklo_SgN.t.efU5IW14W3ZwRWM9Mycx2GxCmc21 fX_hDCvlIdpJjJycosEhpd2R9ptc1RwrbcqWjp0Iy8ivFkRoN85f6._h_Dx7 eZ_WXLSYwIP7MmM_UCxjl0eUKE9YfMT7XvnsTVvcRZp_uLzas8LPCsgZs_F2 QNpLaa8IwLtdY0UPIrHaoOflKu0HLG3zNbOoxV1Hiya6Wm9zjFd8UdYNw7dF .n7tczw9iEXPk_iSBpoPrfly6y4HHrsANJK5lV31ML8fQGw-- X-Yahoo-SMTP: xcjD0guswBAZaPPIbxpWwLcp9Unf To: freebsd-toolchain@FreeBSD.org From: Pedro Giffuni Subject: Time to enable partial relro Message-ID: Date: Thu, 25 Aug 2016 17:50:31 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------B7BF4F72F4202B122F41AEA1" X-BeenThere: freebsd-toolchain@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Maintenance of FreeBSD's integrated toolchain List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Aug 2016 22:50:31 -0000 This is a multi-part message in MIME format. --------------B7BF4F72F4202B122F41AEA1 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Hello; GNU RELRO support was committed in r230784 (2012-01-30) but we never enabled it by default. There was some discussion about it on https://reviews.freebsd.org/D3001 By now, all Linux distributions, NetBSD and DragonFly support it and it is the default for most systems in binutils 2.27. This doesn't affect performance, I ran it through an exp-run last year, no other OS has had issues etc ... seems safe and can be disabled if needed when linking. I think it's time to enable it be default in our base binutils. If there are no objections, I will just commit the attached patch over the weekend. Regards, Pedro. --------------B7BF4F72F4202B122F41AEA1 Content-Type: text/x-patch; name="partial-relro.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="partial-relro.diff" Index: contrib/binutils/ld/emultempl/elf32.em =================================================================== --- contrib/binutils/ld/emultempl/elf32.em (revision 304807) +++ contrib/binutils/ld/emultempl/elf32.em (working copy) @@ -97,6 +97,7 @@ ldfile_set_output_arch ("${OUTPUT_ARCH}", bfd_arch_`echo ${ARCH} | sed -e 's/:.*//'`); config.dynamic_link = ${DYNAMIC_LINK-TRUE}; config.has_shared = `if test -n "$GENERATE_SHLIB_SCRIPT" ; then echo TRUE ; else echo FALSE ; fi`; + link_info.relro = TRUE; } EOF --------------B7BF4F72F4202B122F41AEA1--