diff options
| author | Daniel Bertalan <dani@danielbertalan.dev> | 2021-08-18 17:39:04 +0200 |
|---|---|---|
| committer | Gunnar Beutner <gunnar@beutner.name> | 2021-08-18 18:01:22 +0200 |
| commit | bd6dc5ccec752b0667883b3e5c3d16f65e9b6707 (patch) | |
| tree | 911505ae9f177b1924c5a583124b4d3f96952ce9 /Kernel/CMakeLists.txt | |
| parent | 446bd1e0de384274fbbb9cf5848f97b984fa5af7 (diff) | |
| download | serenity-bd6dc5ccec752b0667883b3e5c3d16f65e9b6707.zip | |
Meta+LibC: Don't allow text relocations in SerenityOS libraries
The `-z,text` linker flag causes the linker to reject shared libraries
and PIE executables that have textrels. Our code mostly did not use
these except in one place in LibC, which is changed in this commit.
This makes GNU ld match LLD's behavior, which has this option enabled by
default.
TEXTRELs pose a security risk, as performing these relocations require
executable pages to be written to by the dynamic linker. This can
significantly weaken W^X hardening mitigations.
Note that after this change, TEXTRELs can still be used in ports, as the
dynamic loader code is not changed. There are also uses of it in the
kernel, removing which are outside the scope of this PR. To allow those,
`-z,notext` is added.
Diffstat (limited to 'Kernel/CMakeLists.txt')
| -rw-r--r-- | Kernel/CMakeLists.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Kernel/CMakeLists.txt b/Kernel/CMakeLists.txt index 55374465a3..b7d73ec981 100644 --- a/Kernel/CMakeLists.txt +++ b/Kernel/CMakeLists.txt @@ -437,8 +437,9 @@ add_compile_definitions(KERNEL) # It's needed because CLion doesn't understand the way we switch compilers mid-build. add_compile_definitions(__serenity__) +add_link_options(LINKER:-z,notext) + if (USE_CLANG_TOOLCHAIN) - add_link_options(LINKER:-z,notext) add_link_options(LINKER:--build-id=none) endif() |