diff --git a/buildflags.md b/buildflags.md
index 36a6e75..13db157 100644
--- a/buildflags.md
+++ b/buildflags.md
@@ -59,6 +59,20 @@ position-dependent (no full ASLR) and use lazy binding.
 This turns off watermarking, making it impossible to do full hardening coverage analysis for any binaries produced.
+### Disable strict symbol checks in the link editor (ld)
+
+By default, the link editor will refuse to link shared objects which
+contain undefined symbols. In some cases (such as when a DSO is
+loaded as a plugin and is expected to bind to symbols in the main
+executable), undefined symbols are expected. In this case, you can
+add
+
+ %undefine _strict_symbol_defs_build
+
+to the RPM spec file to disable these strict checks. Alternatively,
+you can pass `-z undefs` to ld (written as `-Wl,-z,undefs` on the gcc
+command line). The latter needs binutils 2.29.1-12.fc28 or later.
+
 # Individual compiler flags
 Compiler flags end up in the environment variables `CFLAGS`,
@@ -213,6 +227,11 @@ to the compiler driver `gcc`, and not directly to the link editor
 dynamic linker is instructed to revoke write permissions after dynamic linking. Full protection of relocation data requires the `-z now` flag (see below).
+* `-z defs`: Refuse to link shared objects (DSOs) with undefined symbols.
+ Such symbols lack symbol versioning information and can be bound to
+ the wrong (compatibility) symbol version at run time, and not the
+ actual (default) symbol version which would have been used if the
+ symbol definition had been available and static link time.
 For hardened builds, the `-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` flag is added to the
diff --git a/macros b/macros
index b8bb1c6..a429980 100644
--- a/macros
+++ b/macros
@@ -166,13 +166,19 @@ %_annotated_build 1
 %_annotated_cflags %{?_annotated_build:%{_annobin_cflags}}
+# Fail linking if there are undefined symbols. Required for proper
+# ELF symbol versioning support.
+# Use %undefine _strict_symbol_defs_build" to disable.
+%_strict_symbol_defs_build 1
+%_ld_symbols_flags %{?_strict_symbol_defs_build:-Wl,-z,defs}
+
 %__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} %{_annotated_cflags}
 %__global_cflags %{optflags}
 %__global_cxxflags %{optflags}
 %__global_fflags %{optflags} -I%_fmoddir
 %__global_fcflags %{optflags} -I%_fmoddir
-%__global_ldflags -Wl,-z,relro %{_hardened_ldflags}
+%__global_ldflags -Wl,-z,relro %{_ld_symbols_flags} %{_hardened_ldflags}
 #==============================================================================
 # ---- Generic auto req/prov filtering macros
diff --git a/redhat-rpm-config.spec b/redhat-rpm-config.spec
index 5991245..fabad18 100644
--- a/redhat-rpm-config.spec
+++ b/redhat-rpm-config.spec
@@ -6,7 +6,7 @@ Summary: Red Hat specific rpm configuration files
 Name: redhat-rpm-config
-Version: 83
+Version: 84
 Release: 1%{?dist}
 # No version specified.
 License: GPL+
@@ -157,6 +157,9 @@ install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
 %{_rpmconfigdir}/macros.d/macros.kmp
 %changelog
+* Mon Jan 22 2018 Florian Weimer - 84-1
+- Link with -z defs by default (#1535422)
+
 * Mon Jan 22 2018 Florian Weimer - 83-1
 - Make armhfp flags consistent with GCC defaults
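Review bot: The comment line added above `%_strict_symbol_defs_build` in the macros hunk carries a stray `"` after the macro name, and it leaves out the detail maintainers are most likely to get wrong: `%{?_strict_symbol_defs_build:-Wl,-z,defs}` only tests whether the macro is defined, so a spec file that sets `%global _strict_symbol_defs_build 0` would still link with `-z defs`. I would reword that line as `# Use "%undefine _strict_symbol_defs_build" to disable (setting it to 0 has no effect).` Because `%{_ld_symbols_flags}` is now part of `%__global_ldflags`, every package that builds plugin-style DSOs is affected, so it may also be worth pointing from this comment to the per-link `-Wl,-z,undefs` alternative described in buildflags.md, which keeps the check on for the rest of the package.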