HBSD: Disable BIND_NOW for libc and the RTLD

ifuncs can be incompatible with BIND_NOW in certain cases[1]. This would be the case for libc and the RTLD. As such, we should disable BIND_NOW for both libc and the RTLD. Unfortunately, using ifuncs in libc opens up a potential attack vector due to libc's PLT/GOT not using full RELRO (RELRO + BIND_NOW). From the ifunc documentation[1]: "When LD_BIND_NOW=1 or -Wl,z,now is in effect symbols must be immediately resolved at startup. In cases where an external function call depends needs to be made that may fail if such a call has not been initialized yet (PLT-based relocation which is processed later). For example calling strlen in an IFUNC resolver built with -Wl,z,now may lead to a segfault because the PLT is not yet resolved." [1]: https://sourceware.org/glibc/wiki/GNU_IFUNC Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> Sponsored-by: SoldierX github-issue: #357 MFC-to: 12-STABLE
HardenedBSD · Nov 16, 2018 · ccb4ab6 · ccb4ab6
1 parent 444d19d
commit ccb4ab6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/lib/libc/amd64/Makefile.inc b/lib/libc/amd64/Makefile.inc
@@ -7,3 +7,5 @@
 GDTOASRCS+=strtorx.c
 SRCS+=machdep_ldisx.c
 SYM_MAPS+=${LIBC_SRCTOP}/amd64/Symbol.map
+
+MK_BIND_NOW=	no
diff --git a/libexec/rtld-elf/amd64/Makefile.inc b/libexec/rtld-elf/amd64/Makefile.inc
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+MK_BIND_NOW=	no
+
 CFLAGS+=	${CFLAGS_NO_SIMD} -msoft-float
 # Uncomment this to build the dynamic linker as an executable instead
 # of a shared library: