Skip to content

/rust

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider applying `-Wl,-z,relro` or `-Wl,-z,relro,-z,now` by default #29877

Closed
brson opened this Issue Nov 16, 2015 · 9 comments

Comments

Assignees
No one assigned
Labels
A-linkage C-enhancement P-low
Projects
None yet
Milestone
No milestone
6 participants
@brson @gus @genodeftest @nagisa @alexcrichton @cuviper
@brson
Copy link
Contributor

brson commented Nov 16, 2015

These are some options that Debian applies, and that @gus wants to apply to all Rust code. Generally, Rust likes to harden things by default when there are no obvious disadvantages. Is it feasible that we might just use these by default?

@brson brson added the A-linkage label Nov 16, 2015

@gus

This comment has been minimized.

Sign in to view
Copy link

gus commented Nov 16, 2015

Sounds cool, but I didn't ask for that, @brson :)

Cheers,
Gus
@brson

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

brson commented Nov 17, 2015

Oops, wrong @gus. Sorry! Strong beard though.
@gus

This comment has been minimized.

Sign in to view
Copy link

gus commented Nov 17, 2015

;)

On Mon, Nov 16, 2015, 20:55 Brian Anderson notifications@github.com wrote:

Oops, wrong @gus https://github.com/gus. Sorry! Strong beard though.


Reply to this email directly or view it on GitHub
#29877 (comment).
@genodeftest

This comment has been minimized.

Sign in to view
Copy link
Contributor

genodeftest commented Dec 8, 2015

There is something similiar on Fedora: Change: Harden all packages

@brson brson added the P-low label May 4, 2017

@nagisa

This comment has been minimized.

Sign in to view
Copy link
Contributor

nagisa commented May 4, 2017

Downside is that not every alternative linker out there might support the flags.

@brson brson added the C-enhancement label May 4, 2017

@brson

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

brson commented May 4, 2017

@alexcrichton do recall if we've done anything here? I don't see 'relro' in the source.
@alexcrichton

This comment has been minimized.

Sign in to view
Copy link
Member

alexcrichton commented May 4, 2017

No I don't believe we ever implemented this, but would be good to do so!

@alexcrichton alexcrichton closed this May 4, 2017

@alexcrichton alexcrichton reopened this May 4, 2017

@alexcrichton

This comment has been minimized.

Sign in to view
Copy link
Member

alexcrichton commented May 4, 2017

er didn't mean to close
@cuviper

This comment has been minimized.

Sign in to view
Copy link
Member

cuviper commented May 4, 2017

FWIW, I also apply -Clink-arg=-Wl,-z,relro,-z,now in Fedora.

kyrias added a commit to kyrias/rust that referenced this issue Jul 11, 2017

@kyrias
Add support for full RELRO 
This commit adds support for full RELRO, and enables it for the
platforms I know have support for it.

Full RELRO makes the PLT+GOT data read-only on startup, preventing it
from being overwritten.

http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

Fixes rust-lang#29877.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
a270e44

kyrias added a commit to kyrias/rust that referenced this issue Jul 11, 2017

@kyrias
Add support for full RELRO 
This commit adds support for full RELRO, and enables it for the
platforms I know have support for it.

Full RELRO makes the PLT+GOT data read-only on startup, preventing it
from being overwritten.

http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

Fixes rust-lang#29877.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2306687

@kyrias kyrias referenced this issue Jul 11, 2017

Merged

Add support for full RELRO #43170

bors added a commit that referenced this issue Jul 19, 2017

@bors
Auto merge of #43170 - kyrias:full-relro, r=alexcrichton 
Add support for full RELRO

This commit adds support for full RELRO, and enables it for the
platforms I know have support for it.

Full RELRO makes the PLT+GOT data read-only on startup, preventing it
from being overwritten.

http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

Fixes #29877.

---

I'm not entirely certain if this is the best way to do it, but I figured mimicking the way it's done for PIE seemed like a good start at least.  I'm not sure whether we want to have it enabled by default globally and then disabling it explicitly for targets that don't support it though.  I'm also not sure whether the `full_relro` function should call `bug!()` or something like it for linkers that don't support it rather than no-opping.
Loading status checks…
4e56bbe

@bors bors closed this in #43170 Jul 19, 2017

mattico added a commit to mattico/rust that referenced this issue Jul 29, 2017

@kyrias @mattico
Add support for full RELRO 
This commit adds support for full RELRO, and enables it for the
platforms I know have support for it.

Full RELRO makes the PLT+GOT data read-only on startup, preventing it
from being overwritten.

http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html

Fixes rust-lang#29877.

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
fbd17ef
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.