From bd6dc5ccec752b0667883b3e5c3d16f65e9b6707 Mon Sep 17 00:00:00 2001
From: Daniel Bertalan
Date: Wed, 18 Aug 2021 17:39:04 +0200
Subject: Meta+LibC: Don't allow text relocations in SerenityOS libraries

The `-z,text` linker flag causes the linker to reject shared libraries and PIE executables that have textrels. Our code mostly did not use these except in one place in LibC, which is changed in this commit. This makes GNU ld match LLD's behavior, which has this option enabled by default. TEXTRELs pose a security risk, as performing these relocations require executable pages to be written to by the dynamic linker. This can significantly weaken W^X hardening mitigations. Note that after this change, TEXTRELs can still be used in ports, as the dynamic loader code is not changed. There are also uses of it in the kernel, removing which are outside the scope of this PR. To allow those, `-z,notext` is added.
---
 Kernel/CMakeLists.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'Kernel/CMakeLists.txt')
diff --git a/Kernel/CMakeLists.txt b/Kernel/CMakeLists.txt
index 55374465a3..b7d73ec981 100644
--- a/Kernel/CMakeLists.txt
+++ b/Kernel/CMakeLists.txt
@@ -437,8 +437,9 @@ add_compile_definitions(KERNEL)
 # It's needed because CLion doesn't understand the way we switch compilers mid-build.
 add_compile_definitions(__serenity__)
 
+add_link_options(LINKER:-z,notext)
+
 if (USE_CLANG_TOOLCHAIN)
- add_link_options(LINKER:-z,notext)
 add_link_options(LINKER:--build-id=none)
 endif()
 
-- 
cgit v1.2.3
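Review bot: The `add_link_options(LINKER:-z,notext)` line that this hunk moves out of the `USE_CLANG_TOOLCHAIN` branch has no comment explaining why the kernel is exempt from the text-relocation ban, even though the commit message describes TEXTRELs as weakening W^X. `add_link_options` affects every target defined later in this directory and below, so the exemption is broader than a single binary, and nothing in the file marks it as temporary. I would put a comment above it such as `# FIXME: The kernel still contains text relocations; remove -z,notext once they are gone so the linker rejects TEXTRELs here as well.` If only some targets need the flag, scoping it with `target_link_options` would leave the rest under the linker's check; which targets those are is not visible in this hunk.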