Date: Thu, 2 Mar 2023 16:07:46 GMT
Message-Id: <202303021607.322G7koZ021277@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: ee71c37bc123 - stable/13 - Add RELRO build knob, default to enabled
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=ee71c37bc1231f56b82e6b8993d370ccb22a91f6

commit ee71c37bc1231f56b82e6b8993d370ccb22a91f6
Author:     Ed Maste
AuthorDate: 2022-06-22 12:58:04 +0000
Commit:     Ed Maste
CommitDate: 2023-03-02 14:25:27 +0000

    Add RELRO build knob, default to enabled

    Note that lld enables relro by default, so that we already had either
    partial or full RELRO, depending on the state of the BIND_NOW knob.

    Add a RELRO knob so that the option can be disabled if desired, and so
    that builds using the GNU toolchain are equivalent to those using the
    standard Clang/LLVM toolchain.

    Reviewed by: markj
    MFC after: 3 weeks
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D35545

    (cherry picked from commit 2f3a961487c97dc879f07bb97bc62d7bd70b3f8d)
---
 share/mk/bsd.lib.mk               | 5 +++++
 share/mk/bsd.opts.mk              | 1 +
 share/mk/bsd.prog.mk              | 5 +++++
 tools/build/options/WITHOUT_RELRO | 4 ++++
 tools/build/options/WITH_BIND_NOW | 7 +++++++
 tools/build/options/WITH_RELRO    | 5 +++++
 6 files changed, 27 insertions(+)

diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk index d4819615d50c..71c3dab011ef 100644 --- a/share/mk/bsd.lib.mk +++ b/share/mk/bsd.lib.mk
@@ -77,6 +77,11 @@ TAG_ARGS= -T ${TAGS:[*]:S/ /,/g} .if ${MK_BIND_NOW} != "no" LDFLAGS+= -Wl,-znow .endif +.if ${MK_RELRO} == "no" +LDFLAGS+= -Wl,-znorelro +.else +LDFLAGS+= -Wl,-zrelro +.endif .if ${MK_RETPOLINE} != "no" .if ${COMPILER_FEATURES:Mretpoline} && ${LINKER_FEATURES:Mretpoline} CFLAGS+= -mretpoline diff --git a/share/mk/bsd.opts.mk b/share/mk/bsd.opts.mk index 33d843593427..33516070ac67 100644 --- a/share/mk/bsd.opts.mk +++ b/share/mk/bsd.opts.mk @@ -62,6 +62,7 @@ __DEFAULT_YES_OPTIONS = \ NLS \ OPENSSH \ PROFILE \ + RELRO \ SSP \ TESTS \ TOOLCHAIN \ diff --git a/share/mk/bsd.prog.mk b/share/mk/bsd.prog.mk index 5e7aaaeb37f8..78fc920ec337 100644 --- a/share/mk/bsd.prog.mk +++ b/share/mk/bsd.prog.mk @@ -41,6 +41,11 @@ MK_DEBUG_FILES= no .if ${MK_BIND_NOW} != "no" LDFLAGS+= -Wl,-znow .endif +.if ${MK_RELRO} == "no" +LDFLAGS+= -Wl,-znorelro +.else +LDFLAGS+= -Wl,-zrelro +.endif .if ${MK_PIE} != "no" # Static PIE is not yet supported/tested. .if !defined(NO_SHARED) || ${NO_SHARED:tl} == "no" diff --git a/tools/build/options/WITHOUT_RELRO b/tools/build/options/WITHOUT_RELRO new file mode 100644 index 000000000000..f5b661f5916d --- /dev/null +++ b/tools/build/options/WITHOUT_RELRO @@ -0,0 +1,4 @@ +Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. +See also the +.Va BIND_NOW +option. diff --git a/tools/build/options/WITH_BIND_NOW b/tools/build/options/WITH_BIND_NOW index 02e4c37352b4..a2d3ac7e7779 100644 --- a/tools/build/options/WITH_BIND_NOW +++ b/tools/build/options/WITH_BIND_NOW @@ -3,3 +3,10 @@ Build all binaries with the .Dv DF_BIND_NOW flag set to indicate that the run-time loader should perform all relocation processing at process startup rather than on demand. +The combination of the +.Va BIND_NOW +and +.Va RELRO +options provide "full" Relocation Read-Only (RELRO) support. +With full RELRO the entire GOT is made read-only after performing relocation at +startup, avoiding GOT overwrite attacks. 
diff --git a/tools/build/options/WITH_RELRO b/tools/build/options/WITH_RELRO new file mode 100644 index 000000000000..cfc344dd9cfe --- /dev/null +++ b/tools/build/options/WITH_RELRO @@ -0,0 +1,5 @@ +Build all binaries with the Relocation Read-Only (RELRO) vulnerability +mitigation applied. +See also the +.Va BIND_NOW +option.
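
Review bot: the new `.if ${MK_RELRO} == "no"` block in share/mk/bsd.lib.mk, repeated verbatim in share/mk/bsd.prog.mk, has no comment explaining why a linker flag is passed in both branches. The commit message gives the reason (lld enables relro by default, so `-Wl,-znorelro` is what actually turns it off, and the explicit `-Wl,-zrelro` makes GNU toolchain builds match), and a one-line comment above the block would keep that reasoning next to the code. The test is also inverted relative to the `!= "no"` form used by the BIND_NOW, RETPOLINE and PIE blocks around it; writing it as `.if ${MK_RELRO} != "no"` with `-Wl,-zrelro` in the first branch would read consistently with its neighbours.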
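
Review bot: in tools/build/options/WITH_BIND_NOW the added sentence "The combination of the BIND_NOW and RELRO options provide" has a singular subject, so the verb should be "provides". The same paragraph says full RELRO needs both options but does not say what BIND_NOW does when RELRO is disabled; since WITHOUT_RELRO now exists, one clause noting that BIND_NOW alone does not make the GOT read-only would close that gap.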
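
Review bot: tools/build/options/WITH_RELRO and tools/build/options/WITHOUT_RELRO only point at BIND_NOW with "See also" and never state what RELRO provides on its own. WITH_BIND_NOW defines "full" RELRO and the commit message speaks of "partial or full RELRO", so a sentence in WITH_RELRO saying that RELRO without BIND_NOW yields partial RELRO would let the option text stand without the cross-reference.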
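
The partial versus full RELRO distinction described in the commit message and the option text can be checked on a linked binary by looking for the `PT_GNU_RELRO` program header (`-z relro`) and a bind-now marker in the dynamic section (`-z now`). The following is an added example, not part of the commit or of FreeBSD's code; `relro_level` and `build_sample` are hypothetical names, the ELF images are constructed for the demonstration, and only 64-bit little-endian files are handled.

```python
import struct

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"

def relro_level(elf: bytes) -> str:
    """Return 'none', 'partial' or 'full' for a 64-bit little-endian ELF image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    hdr = struct.unpack_from(EHDR, elf)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    relro = bind_now = False
    for i in range(phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(PHDR, elf, phoff + i * phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True  # the linker was given -z relro
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic section looking for any bind-now marker (-z now).
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from(DYN, elf, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    if not relro:
        return "none"  # bind-now alone leaves the GOT writable
    return "full" if bind_now else "partial"

def build_sample(relro: bool, bind_now: bool) -> bytes:
    """Constructed minimal ELF image (headers only, not loadable) for the demo."""
    dyn = (struct.pack(DYN, DT_FLAGS, DF_BIND_NOW) if bind_now else b"") + struct.pack(DYN, DT_NULL, 0)
    phdrs = [(PT_DYNAMIC, 6, 0, len(dyn))]  # file offset filled in below
    if relro:
        phdrs.append((PT_GNU_RELRO, 4, 0, 0))
    dyn_off = 64 + 56 * len(phdrs)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack(EHDR, ident, 3, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack(PHDR, t, f, dyn_off if t == PT_DYNAMIC else 0, 0, 0, sz, sz, 8)
                    for t, f, _, sz in phdrs)
    return ehdr + body + dyn

if __name__ == "__main__":
    for relro, now in [(False, False), (True, False), (True, True)]:
        print(relro, now, relro_level(build_sample(relro, now)))
```

To check a real binary, pass the file's bytes to `relro_level`, for example `relro_level(open(path, "rb").read())`.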