mirror of
https://github.com/rust-lang/rust.git
synced 2025-02-08 04:56:58 +00:00
linker: Use data execution prevention options by default when linker supports them
This commit is contained in:
Vadim Petrochenkov
parent
4a20eb6a9d
commit
cc5392e76b
@ -1651,6 +1651,10 @@ fn linker_with_args<'a, B: ArchiveBuilder<'a>>(
|
|||||||
cmd.add_eh_frame_header();
|
cmd.add_eh_frame_header();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NO-OPT-OUT, OBJECT-FILES-NO, AUDIT-ORDER
|
||||||
|
// Make the binary compatible with data execution prevention schemes.
|
||||||
|
cmd.add_no_exec();
|
||||||
|
|
||||||
// NO-OPT-OUT, OBJECT-FILES-NO
|
// NO-OPT-OUT, OBJECT-FILES-NO
|
||||||
// Avoid linking to dynamic libraries unless they satisfy some undefined symbols
|
// Avoid linking to dynamic libraries unless they satisfy some undefined symbols
|
||||||
// at the point at which they are specified on the command line.
|
// at the point at which they are specified on the command line.
|
||||||
|
|||||||
@ -130,6 +130,7 @@ pub trait Linker {
|
|||||||
fn group_end(&mut self);
|
fn group_end(&mut self);
|
||||||
fn linker_plugin_lto(&mut self);
|
fn linker_plugin_lto(&mut self);
|
||||||
fn add_eh_frame_header(&mut self) {}
|
fn add_eh_frame_header(&mut self) {}
|
||||||
|
fn add_no_exec(&mut self) {}
|
||||||
fn add_as_needed(&mut self) {}
|
fn add_as_needed(&mut self) {}
|
||||||
fn finalize(&mut self);
|
fn finalize(&mut self);
|
||||||
}
|
}
|
||||||
@ -643,6 +644,14 @@ impl<'a> Linker for GccLinker<'a> {
|
|||||||
self.linker_arg("--eh-frame-hdr");
|
self.linker_arg("--eh-frame-hdr");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn add_no_exec(&mut self) {
|
||||||
|
if self.sess.target.is_like_windows {
|
||||||
|
self.linker_arg("--nxcompat");
|
||||||
|
} else if self.sess.target.linker_is_gnu {
|
||||||
|
self.linker_arg("-znoexecstack");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fn add_as_needed(&mut self) {
|
fn add_as_needed(&mut self) {
|
||||||
if self.sess.target.linker_is_gnu {
|
if self.sess.target.linker_is_gnu {
|
||||||
self.linker_arg("--as-needed");
|
self.linker_arg("--as-needed");
|
||||||
@ -885,6 +894,10 @@ impl<'a> Linker for MsvcLinker<'a> {
|
|||||||
fn linker_plugin_lto(&mut self) {
|
fn linker_plugin_lto(&mut self) {
|
||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn add_no_exec(&mut self) {
|
||||||
|
self.cmd.arg("/NXCOMPAT");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct EmLinker<'a> {
|
pub struct EmLinker<'a> {
|
||||||
|
|||||||
@ -1,15 +1,6 @@
|
|||||||
use crate::spec::{LinkArgs, LinkerFlavor, RelroLevel, TargetOptions};
|
use crate::spec::{RelroLevel, TargetOptions};
|
||||||
|
|
||||||
pub fn opts() -> TargetOptions {
|
pub fn opts() -> TargetOptions {
|
||||||
let mut args = LinkArgs::new();
|
|
||||||
args.insert(
|
|
||||||
LinkerFlavor::Gcc,
|
|
||||||
vec![
|
|
||||||
// Always enable NX protection when it is available
|
|
||||||
"-Wl,-z,noexecstack".to_string(),
|
|
||||||
],
|
|
||||||
);
|
|
||||||
|
|
||||||
TargetOptions {
|
TargetOptions {
|
||||||
os: "dragonfly".to_string(),
|
os: "dragonfly".to_string(),
|
||||||
dynamic_linking: true,
|
dynamic_linking: true,
|
||||||
@ -17,7 +8,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
os_family: Some("unix".to_string()),
|
os_family: Some("unix".to_string()),
|
||||||
linker_is_gnu: true,
|
linker_is_gnu: true,
|
||||||
has_rpath: true,
|
has_rpath: true,
|
||||||
pre_link_args: args,
|
|
||||||
position_independent_executables: true,
|
position_independent_executables: true,
|
||||||
relro_level: RelroLevel::Full,
|
relro_level: RelroLevel::Full,
|
||||||
dwarf_version: Some(2),
|
dwarf_version: Some(2),
|
||||||
|
|||||||
@ -1,15 +1,6 @@
|
|||||||
use crate::spec::{LinkArgs, LinkerFlavor, RelroLevel, TargetOptions};
|
use crate::spec::{RelroLevel, TargetOptions};
|
||||||
|
|
||||||
pub fn opts() -> TargetOptions {
|
pub fn opts() -> TargetOptions {
|
||||||
let mut args = LinkArgs::new();
|
|
||||||
args.insert(
|
|
||||||
LinkerFlavor::Gcc,
|
|
||||||
vec![
|
|
||||||
// Always enable NX protection when it is available
|
|
||||||
"-Wl,-z,noexecstack".to_string(),
|
|
||||||
],
|
|
||||||
);
|
|
||||||
|
|
||||||
TargetOptions {
|
TargetOptions {
|
||||||
os: "freebsd".to_string(),
|
os: "freebsd".to_string(),
|
||||||
dynamic_linking: true,
|
dynamic_linking: true,
|
||||||
@ -17,7 +8,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
os_family: Some("unix".to_string()),
|
os_family: Some("unix".to_string()),
|
||||||
linker_is_gnu: true,
|
linker_is_gnu: true,
|
||||||
has_rpath: true,
|
has_rpath: true,
|
||||||
pre_link_args: args,
|
|
||||||
position_independent_executables: true,
|
position_independent_executables: true,
|
||||||
eliminate_frame_pointer: false, // FIXME 43575
|
eliminate_frame_pointer: false, // FIXME 43575
|
||||||
relro_level: RelroLevel::Full,
|
relro_level: RelroLevel::Full,
|
||||||
|
|||||||
@ -1,15 +1,6 @@
|
|||||||
use crate::spec::{LinkArgs, LinkerFlavor, RelroLevel, TargetOptions};
|
use crate::spec::{RelroLevel, TargetOptions};
|
||||||
|
|
||||||
pub fn opts() -> TargetOptions {
|
pub fn opts() -> TargetOptions {
|
||||||
let mut args = LinkArgs::new();
|
|
||||||
args.insert(
|
|
||||||
LinkerFlavor::Gcc,
|
|
||||||
vec![
|
|
||||||
// Always enable NX protection when it is available
|
|
||||||
"-Wl,-z,noexecstack".to_string(),
|
|
||||||
],
|
|
||||||
);
|
|
||||||
|
|
||||||
TargetOptions {
|
TargetOptions {
|
||||||
os: "linux".to_string(),
|
os: "linux".to_string(),
|
||||||
dynamic_linking: true,
|
dynamic_linking: true,
|
||||||
@ -17,7 +8,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
os_family: Some("unix".to_string()),
|
os_family: Some("unix".to_string()),
|
||||||
linker_is_gnu: true,
|
linker_is_gnu: true,
|
||||||
has_rpath: true,
|
has_rpath: true,
|
||||||
pre_link_args: args,
|
|
||||||
position_independent_executables: true,
|
position_independent_executables: true,
|
||||||
relro_level: RelroLevel::Full,
|
relro_level: RelroLevel::Full,
|
||||||
has_elf_tls: true,
|
has_elf_tls: true,
|
||||||
|
|||||||
@ -1,11 +1,6 @@
|
|||||||
use crate::spec::{
|
use crate::spec::{PanicStrategy, RelocModel, RelroLevel, StackProbeType, TargetOptions};
|
||||||
LinkArgs, LinkerFlavor, PanicStrategy, RelocModel, RelroLevel, StackProbeType, TargetOptions,
|
|
||||||
};
|
|
||||||
|
|
||||||
pub fn opts() -> TargetOptions {
|
pub fn opts() -> TargetOptions {
|
||||||
let mut pre_link_args = LinkArgs::new();
|
|
||||||
pre_link_args.insert(LinkerFlavor::Gcc, vec!["-Wl,-z,noexecstack".to_string()]);
|
|
||||||
|
|
||||||
TargetOptions {
|
TargetOptions {
|
||||||
env: "gnu".to_string(),
|
env: "gnu".to_string(),
|
||||||
disable_redzone: true,
|
disable_redzone: true,
|
||||||
@ -17,7 +12,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
needs_plt: true,
|
needs_plt: true,
|
||||||
relro_level: RelroLevel::Full,
|
relro_level: RelroLevel::Full,
|
||||||
relocation_model: RelocModel::Static,
|
relocation_model: RelocModel::Static,
|
||||||
pre_link_args,
|
|
||||||
|
|
||||||
..Default::default()
|
..Default::default()
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,13 +5,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
// Suppress the verbose logo and authorship debugging output, which would needlessly
|
// Suppress the verbose logo and authorship debugging output, which would needlessly
|
||||||
// clog any log files.
|
// clog any log files.
|
||||||
"/NOLOGO".to_string(),
|
"/NOLOGO".to_string(),
|
||||||
// Tell the compiler that non-code sections can be marked as non-executable,
|
|
||||||
// including stack pages.
|
|
||||||
// UEFI is fully compatible to non-executable data pages.
|
|
||||||
// In fact, firmware might enforce this, so we better let the linker know about this,
|
|
||||||
// so it will fail if the compiler ever tries placing code on the stack
|
|
||||||
// (e.g., trampoline constructs and alike).
|
|
||||||
"/NXCOMPAT".to_string(),
|
|
||||||
];
|
];
|
||||||
let mut pre_link_args = LinkArgs::new();
|
let mut pre_link_args = LinkArgs::new();
|
||||||
pre_link_args.insert(LinkerFlavor::Msvc, pre_link_args_msvc.clone());
|
pre_link_args.insert(LinkerFlavor::Msvc, pre_link_args_msvc.clone());
|
||||||
|
|||||||
@ -1,15 +1,6 @@
|
|||||||
use crate::spec::{LinkArgs, LinkerFlavor, RelroLevel, TargetOptions};
|
use crate::spec::{RelroLevel, TargetOptions};
|
||||||
|
|
||||||
pub fn opts() -> TargetOptions {
|
pub fn opts() -> TargetOptions {
|
||||||
let mut args = LinkArgs::new();
|
|
||||||
args.insert(
|
|
||||||
LinkerFlavor::Gcc,
|
|
||||||
vec![
|
|
||||||
// Always enable NX protection when it is available
|
|
||||||
"-Wl,-z,noexecstack".to_string(),
|
|
||||||
],
|
|
||||||
);
|
|
||||||
|
|
||||||
TargetOptions {
|
TargetOptions {
|
||||||
os: "openbsd".to_string(),
|
os: "openbsd".to_string(),
|
||||||
dynamic_linking: true,
|
dynamic_linking: true,
|
||||||
@ -18,7 +9,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
linker_is_gnu: true,
|
linker_is_gnu: true,
|
||||||
has_rpath: true,
|
has_rpath: true,
|
||||||
abi_return_struct_as_int: true,
|
abi_return_struct_as_int: true,
|
||||||
pre_link_args: args,
|
|
||||||
position_independent_executables: true,
|
position_independent_executables: true,
|
||||||
eliminate_frame_pointer: false, // FIXME 43575
|
eliminate_frame_pointer: false, // FIXME 43575
|
||||||
relro_level: RelroLevel::Full,
|
relro_level: RelroLevel::Full,
|
||||||
|
|||||||
@ -1,15 +1,6 @@
|
|||||||
use crate::spec::{LinkArgs, LinkerFlavor, RelroLevel, TargetOptions};
|
use crate::spec::{RelroLevel, TargetOptions};
|
||||||
|
|
||||||
pub fn opts() -> TargetOptions {
|
pub fn opts() -> TargetOptions {
|
||||||
let mut args = LinkArgs::new();
|
|
||||||
args.insert(
|
|
||||||
LinkerFlavor::Gcc,
|
|
||||||
vec![
|
|
||||||
// Always enable NX protection when it is available
|
|
||||||
"-Wl,-z,noexecstack".to_string(),
|
|
||||||
],
|
|
||||||
);
|
|
||||||
|
|
||||||
TargetOptions {
|
TargetOptions {
|
||||||
os: "redox".to_string(),
|
os: "redox".to_string(),
|
||||||
env: "relibc".to_string(),
|
env: "relibc".to_string(),
|
||||||
@ -18,7 +9,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
os_family: Some("unix".to_string()),
|
os_family: Some("unix".to_string()),
|
||||||
linker_is_gnu: true,
|
linker_is_gnu: true,
|
||||||
has_rpath: true,
|
has_rpath: true,
|
||||||
pre_link_args: args,
|
|
||||||
position_independent_executables: true,
|
position_independent_executables: true,
|
||||||
relro_level: RelroLevel::Full,
|
relro_level: RelroLevel::Full,
|
||||||
has_elf_tls: true,
|
has_elf_tls: true,
|
||||||
|
|||||||
@ -9,8 +9,6 @@ pub fn opts() -> TargetOptions {
|
|||||||
// Tell GCC to avoid linker plugins, because we are not bundling
|
// Tell GCC to avoid linker plugins, because we are not bundling
|
||||||
// them with Windows installer, and Rust does its own LTO anyways.
|
// them with Windows installer, and Rust does its own LTO anyways.
|
||||||
"-fno-use-linker-plugin".to_string(),
|
"-fno-use-linker-plugin".to_string(),
|
||||||
// Always enable DEP (NX bit) when it is available
|
|
||||||
"-Wl,--nxcompat".to_string(),
|
|
||||||
// Enable ASLR
|
// Enable ASLR
|
||||||
"-Wl,--dynamicbase".to_string(),
|
"-Wl,--dynamicbase".to_string(),
|
||||||
// ASLR will rebase it anyway so leaving that option enabled only leads to confusion
|
// ASLR will rebase it anyway so leaving that option enabled only leads to confusion
|
||||||
|
|||||||
@ -4,8 +4,6 @@ use super::{LinkerFlavor, LldFlavor, PanicStrategy, Target, TargetOptions};
|
|||||||
|
|
||||||
pub fn target() -> Target {
|
pub fn target() -> Target {
|
||||||
const PRE_LINK_ARGS: &[&str] = &[
|
const PRE_LINK_ARGS: &[&str] = &[
|
||||||
"-z",
|
|
||||||
"noexecstack",
|
|
||||||
"-e",
|
"-e",
|
||||||
"elf_entry",
|
"elf_entry",
|
||||||
"-Bstatic",
|
"-Bstatic",
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user