mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-25 09:00:22 +00:00
Meta+LibC: Don't allow text relocations in SerenityOS libraries
The `-z,text` linker flag causes the linker to reject shared libraries and PIE executables that have textrels. Our code mostly did not use these except in one place in LibC, which is changed in this commit. This makes GNU ld match LLD's behavior, which has this option enabled by default. TEXTRELs pose a security risk, as performing these relocations require executable pages to be written to by the dynamic linker. This can significantly weaken W^X hardening mitigations. Note that after this change, TEXTRELs can still be used in ports, as the dynamic loader code is not changed. There are also uses of it in the kernel, removing which are outside the scope of this PR. To allow those, `-z,notext` is added.
This commit is contained in:
parent
446bd1e0de
commit
bd6dc5ccec
Notes:
sideshowbarker
2024-07-18 05:32:03 +09:00
Author: https://github.com/BertalanD Commit: https://github.com/SerenityOS/serenity/commit/bd6dc5ccec7 Pull-request: https://github.com/SerenityOS/serenity/pull/9492
4 changed files with 6 additions and 3 deletions
|
@ -299,6 +299,8 @@ else()
|
|||
add_compile_options(-Wdouble-promotion)
|
||||
endif()
|
||||
|
||||
add_link_options(LINKER:-z,text)
|
||||
|
||||
if("${SERENITY_ARCH}" STREQUAL "i686")
|
||||
add_compile_options(-march=i686)
|
||||
else()
|
||||
|
|
|
@ -437,8 +437,9 @@ add_compile_definitions(KERNEL)
|
|||
# It's needed because CLion doesn't understand the way we switch compilers mid-build.
|
||||
add_compile_definitions(__serenity__)
|
||||
|
||||
add_link_options(LINKER:-z,notext)
|
||||
|
||||
if (USE_CLANG_TOOLCHAIN)
|
||||
add_link_options(LINKER:-z,notext)
|
||||
add_link_options(LINKER:--build-id=none)
|
||||
endif()
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ sigsetjmp:
|
|||
push %eax
|
||||
push $0 // Set argument set
|
||||
push $0 // Set argument how
|
||||
call sigprocmask
|
||||
call sigprocmask@plt
|
||||
add $12, %esp
|
||||
|
||||
.Lsaveregs:
|
||||
|
|
|
@ -25,7 +25,7 @@ sigsetjmp:
|
|||
mov $0, %rdi // Set argument how
|
||||
mov $0, %rsi // Set argument set
|
||||
lea 64(%rdi), %rdx // Set argument oldset
|
||||
call sigprocmask
|
||||
call sigprocmask@plt
|
||||
mov %r12, %rdi // Restore sigjmp_buf argument
|
||||
|
||||
.Lsaveregs:
|
||||
|
|
Loading…
Reference in a new issue