-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: x86_64-unknown-linux-musl static-pie
target for ASLR
#70693
Comments
If there will be no native support, at least ship |
something like: src/librustc_target/spec/linux_musl_base.rs: base.pre_link_args_crt.get_mut(&LinkerFlavor::Gcc).unwrap().push("-static-pie".to_string());
base.pre_link_args_crt.get_mut(&LinkerFlavor::Gcc).unwrap().push("-Wl,-pie".to_string());
base.pre_link_objects_exe_crt.push("rcrt1.o".to_string()); |
The workaround may be similar to what I recently did to statically link to bionic libc (#70501) - produce a ( |
Hmm, I don't want a workaround. I rather want a secure static binary with ASLR by default. |
Enabling static-pie for musl and make it the default for the x86_64-unknown-linux-musl target This is a quick implementation for rust-lang#70693 Opening it as a draft PR to gather some feedback, before I put more work in it. ```console ❯ cat hello.rs fn main() { println!("main = {:#x}", &main as *const _ as usize); } ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl ~/hello.rs ❯ ldd hello statically linked ❯ file hello hello: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=fec5cdc170f503a712a63a6958691ce5ce433654, with debug_info, not stripped ❯ ./hello main = 0x7f233ca30008 ❯ ./hello main = 0x7f9ddc529008 ❯ ./hello main = 0x7f1e5a224008 ❯ ./hello main = 0x7f4485c7c008 ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl -Z print-link-args ~/hello.rs "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-Wl,--eh-frame-hdr" "-m64" "-nostdlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/rcrt1.o" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crti.o" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "hello.hello.7rcbfp3g-cgu.0.rcgu.o" "hello.hello.7rcbfp3g-cgu.1.rcgu.o" "hello.hello.7rcbfp3g-cgu.2.rcgu.o" "hello.hello.7rcbfp3g-cgu.3.rcgu.o" "hello.hello.7rcbfp3g-cgu.4.rcgu.o" "hello.hello.7rcbfp3g-cgu.5.rcgu.o" "-o" "hello" "hello.1nxjf9so94czdgcz.rcgu.o" "-Wl,--gc-sections" "-static-pie" "-Wl,-zrelro" "-Wl,-znow" "-nodefaultlibs" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "-Wl,--start-group" "-Wl,-Bstatic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libstd-0f9cb7646f9e2c34.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libpanic_unwind-ba857f2f2e4e7187.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libhashbrown-58ba5e25bbdf9d29.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_alloc-886bfe43afa847dc.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace-fbfb8fe99f19a67b.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace_sys-85fa859e7d364cc9.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_demangle-07ab026cd3ec0d82.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libunwind-a8ec5932d92ea864.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcfg_if-0ba4cc2f38a198d5.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liblibc-c1bb2b3ce4f78b7c.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liballoc-0ff673c1cf0d451a.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_core-c8ff2001db856926.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcore-2ae14177140eeca2.rlib" "-Wl,--end-group" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcompiler_builtins-4fd81b5ce1b08a9c.rlib" "-static" "-Wl,-Bdynamic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crtn.o" ```
Enabling static-pie for musl and make it the default for the x86_64-unknown-linux-musl target This is a quick implementation for rust-lang#70693 Opening it as a draft PR to gather some feedback, before I put more work in it. ```console ❯ cat hello.rs fn main() { println!("main = {:#x}", &main as *const _ as usize); } ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl ~/hello.rs ❯ ldd hello statically linked ❯ file hello hello: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=fec5cdc170f503a712a63a6958691ce5ce433654, with debug_info, not stripped ❯ ./hello main = 0x7f233ca30008 ❯ ./hello main = 0x7f9ddc529008 ❯ ./hello main = 0x7f1e5a224008 ❯ ./hello main = 0x7f4485c7c008 ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl -Z print-link-args ~/hello.rs "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-Wl,--eh-frame-hdr" "-m64" "-nostdlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/rcrt1.o" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crti.o" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "hello.hello.7rcbfp3g-cgu.0.rcgu.o" "hello.hello.7rcbfp3g-cgu.1.rcgu.o" "hello.hello.7rcbfp3g-cgu.2.rcgu.o" "hello.hello.7rcbfp3g-cgu.3.rcgu.o" "hello.hello.7rcbfp3g-cgu.4.rcgu.o" "hello.hello.7rcbfp3g-cgu.5.rcgu.o" "-o" "hello" "hello.1nxjf9so94czdgcz.rcgu.o" "-Wl,--gc-sections" "-static-pie" "-Wl,-zrelro" "-Wl,-znow" "-nodefaultlibs" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "-Wl,--start-group" "-Wl,-Bstatic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libstd-0f9cb7646f9e2c34.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libpanic_unwind-ba857f2f2e4e7187.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libhashbrown-58ba5e25bbdf9d29.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_alloc-886bfe43afa847dc.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace-fbfb8fe99f19a67b.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace_sys-85fa859e7d364cc9.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_demangle-07ab026cd3ec0d82.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libunwind-a8ec5932d92ea864.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcfg_if-0ba4cc2f38a198d5.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liblibc-c1bb2b3ce4f78b7c.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liballoc-0ff673c1cf0d451a.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_core-c8ff2001db856926.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcore-2ae14177140eeca2.rlib" "-Wl,--end-group" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcompiler_builtins-4fd81b5ce1b08a9c.rlib" "-static" "-Wl,-Bdynamic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crtn.o" ```
Enabling static-pie for musl and make it the default for the x86_64-unknown-linux-musl target This is a quick implementation for rust-lang#70693 Opening it as a draft PR to gather some feedback, before I put more work in it. ```console ❯ cat hello.rs fn main() { println!("main = {:#x}", &main as *const _ as usize); } ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl ~/hello.rs ❯ ldd hello statically linked ❯ file hello hello: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=fec5cdc170f503a712a63a6958691ce5ce433654, with debug_info, not stripped ❯ ./hello main = 0x7f233ca30008 ❯ ./hello main = 0x7f9ddc529008 ❯ ./hello main = 0x7f1e5a224008 ❯ ./hello main = 0x7f4485c7c008 ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl -Z print-link-args ~/hello.rs "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-Wl,--eh-frame-hdr" "-m64" "-nostdlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/rcrt1.o" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crti.o" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "hello.hello.7rcbfp3g-cgu.0.rcgu.o" "hello.hello.7rcbfp3g-cgu.1.rcgu.o" "hello.hello.7rcbfp3g-cgu.2.rcgu.o" "hello.hello.7rcbfp3g-cgu.3.rcgu.o" "hello.hello.7rcbfp3g-cgu.4.rcgu.o" "hello.hello.7rcbfp3g-cgu.5.rcgu.o" "-o" "hello" "hello.1nxjf9so94czdgcz.rcgu.o" "-Wl,--gc-sections" "-static-pie" "-Wl,-zrelro" "-Wl,-znow" "-nodefaultlibs" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "-Wl,--start-group" "-Wl,-Bstatic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libstd-0f9cb7646f9e2c34.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libpanic_unwind-ba857f2f2e4e7187.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libhashbrown-58ba5e25bbdf9d29.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_alloc-886bfe43afa847dc.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace-fbfb8fe99f19a67b.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace_sys-85fa859e7d364cc9.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_demangle-07ab026cd3ec0d82.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libunwind-a8ec5932d92ea864.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcfg_if-0ba4cc2f38a198d5.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liblibc-c1bb2b3ce4f78b7c.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liballoc-0ff673c1cf0d451a.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_core-c8ff2001db856926.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcore-2ae14177140eeca2.rlib" "-Wl,--end-group" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcompiler_builtins-4fd81b5ce1b08a9c.rlib" "-static" "-Wl,-Bdynamic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crtn.o" ``` Closes rust-lang#70693 Closes rust-lang#53968
Enabling static-pie for musl and make it the default for the x86_64-unknown-linux-musl target This is a quick implementation for rust-lang#70693 Opening it as a draft PR to gather some feedback, before I put more work in it. ```console ❯ cat hello.rs fn main() { println!("main = {:#x}", &main as *const _ as usize); } ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl ~/hello.rs ❯ ldd hello statically linked ❯ file hello hello: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=fec5cdc170f503a712a63a6958691ce5ce433654, with debug_info, not stripped ❯ ./hello main = 0x7f233ca30008 ❯ ./hello main = 0x7f9ddc529008 ❯ ./hello main = 0x7f1e5a224008 ❯ ./hello main = 0x7f4485c7c008 ❯ /tmp/rust-musl/bin/rustc --target x86_64-unknown-linux-musl -Z print-link-args ~/hello.rs "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-Wl,--eh-frame-hdr" "-m64" "-nostdlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/rcrt1.o" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crti.o" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "hello.hello.7rcbfp3g-cgu.0.rcgu.o" "hello.hello.7rcbfp3g-cgu.1.rcgu.o" "hello.hello.7rcbfp3g-cgu.2.rcgu.o" "hello.hello.7rcbfp3g-cgu.3.rcgu.o" "hello.hello.7rcbfp3g-cgu.4.rcgu.o" "hello.hello.7rcbfp3g-cgu.5.rcgu.o" "-o" "hello" "hello.1nxjf9so94czdgcz.rcgu.o" "-Wl,--gc-sections" "-static-pie" "-Wl,-zrelro" "-Wl,-znow" "-nodefaultlibs" "-L" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib" "-Wl,--start-group" "-Wl,-Bstatic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libstd-0f9cb7646f9e2c34.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libpanic_unwind-ba857f2f2e4e7187.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libhashbrown-58ba5e25bbdf9d29.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_alloc-886bfe43afa847dc.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace-fbfb8fe99f19a67b.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libbacktrace_sys-85fa859e7d364cc9.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_demangle-07ab026cd3ec0d82.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libunwind-a8ec5932d92ea864.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcfg_if-0ba4cc2f38a198d5.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liblibc-c1bb2b3ce4f78b7c.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/liballoc-0ff673c1cf0d451a.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/librustc_std_workspace_core-c8ff2001db856926.rlib" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcore-2ae14177140eeca2.rlib" "-Wl,--end-group" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/libcompiler_builtins-4fd81b5ce1b08a9c.rlib" "-static" "-Wl,-Bdynamic" "/tmp/rust-musl/lib/rustlib/x86_64-unknown-linux-musl/lib/crtn.o" ``` Closes rust-lang#70693 Closes rust-lang#53968
With musl we can generate static binaries just fine. But without much work we can even generate a static position independent executable, which would enable Address Space Layout Randomization for free.
For this to work, we need:
relocation-model=pic
-static-pie
-no-pie
-pie
or--pic-executable
crt1.o
withrcrt1.o
rust/src/librustc_target/spec/linux_musl_base.rs
Line 24 in 0f72ce1
payload
is a program printing all the AUX vectors, which also contains the entry address of the program. As you can see it changes with every start of the program.The text was updated successfully, but these errors were encountered: