This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: RFC: Add --enable-static-pie to build static executables as PIE
- From: Alan Modra <amodra at gmail dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: Rich Felker <dalias at libc dot org>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 18 Jul 2017 23:18:00 +0930
- Subject: Re: RFC: Add --enable-static-pie to build static executables as PIE
- Authentication-results: sourceware.org; auth=none
- References: <CAMe9rOpAVyDYwe5o3S+0T96Ryeug=qHwgbQguGL4kaqJOrKViw@mail.gmail.com> <20170717222937.GQ1627@brightrain.aerifal.cx> <CAMe9rOozp6T25FzpP41S+PaWmANa955=K8hZcFagmFfoaQKgSA@mail.gmail.com> <20170718042500.GI14520@bubble.grove.modra.org> <CAMe9rOq3h1mvrLUn7CQ9vJ=NmERhr=Hb1KHu7-zkA6aKKT7WHA@mail.gmail.com>
On Tue, Jul 18, 2017 at 05:30:48AM -0700, H.J. Lu wrote:
> On Mon, Jul 17, 2017 at 9:25 PM, Alan Modra <amodra@gmail.com> wrote:
> > On Mon, Jul 17, 2017 at 03:57:47PM -0700, H.J. Lu wrote:
> >> On Mon, Jul 17, 2017 at 3:29 PM, Rich Felker <dalias@libc.org> wrote:
> >> > On Mon, Jul 17, 2017 at 08:58:22AM -0700, H.J. Lu wrote:
> >> >> Hi,
> >> >>
> >> >> Are there any interests for --enable-static-pie, which builds static
> >> >> executables as PIE?
> >> >
> >> > Can you clarify what you're asking about? Is this asking if glibc is
> >> > interested in providing the runtime support (crt variant) for gcc to
> >> > be able to produce static PIE executables using glibc? I'm unclear on
> >> > whose configure script would need --enable-static-pie.
> >> >
> >>
> >> --enable-static-pie will be a configure option to glibc:
> >>
> >> 1. Build libc.a with -fPIE.
> >> 2. Update pointers in static PIE.
> >> 3. Apply IREL relocations for static PIE.
> >> 4 ....
> >
> > Explain first exactly what you mean by a "static PIE".
> >
> > - Will it be ET_EXEC or ET_DYN?
>
> [hjl@gnu-tools-1 build-x86_64-linux]$ readelf -h elf/sln
> ELF Header:
> Magic: 7f 45 4c 46 02 01 01 03 00 00 00 00 00 00 00 00
> Class: ELF64
> Data: 2's complement, little endian
> Version: 1 (current)
> OS/ABI: UNIX - GNU
> ABI Version: 0
> Type: DYN (Shared object file)
OK, good. I don't have any problem with this.
Now, you can link PIEs using -fPIE static libraries just with "-pie
-Wl,-Bstatic". This will give you a PIE with no dynamic library
dependencies (except ld.so) and needs no toolchain or startup file
changes. You only need to ensure that libc.a and other archives are
built with -fPIE.
> Linker needs to support --no-dynamic-linker.
Is there really much to be gained from PIEs that don't use ld.so
versus those that do?
--
Alan Modra
Australia Development Lab, IBM