Created attachment 7760 [details] add --enable-reloc-section option Hi, When we were trying to build hardened .exes on Windows, we found that using -fPIE and -pie generated broken .exes that crashed immediately. (See also: http://sourceforge.net/p/mingw-w64/mailman/message/31167844/)After some investigation and experimentation, a contributor of ours wrote a patch that enables the creation of a reloc section which allows us to have functional ASLR. We're using this with binutils 2.24 and wanted to share it in case this is helpful, and hopefully to also get some feedback since nobody at Tor feels capable of giving it a sufficiently good review. If it's helpful to have some binaries to investigate that have been built with it, you can find one here: https://people.torproject.org/~erinn/builds/hardened/torbrowser-install-4.0-alpha-1_en-US.exe 2784dea6ec561d4d4225812461274730dc004a3b8ca88c6a3360e05e3fa03741 Patch is attached, thanks in advance for any feedback.
Hi Eriin, The patch is basically OK, ie acceptable, apart from a couple of small problems: 1. The changes to ld/emultempl/pep.em should refer to a variable called pep_dll_enable_reloc_section rather than pe_dll_enable_reloc_section, and this variable should be prototyped in ld/pep-dll.h and #define-d in ld/pep-dll.c. Try building a toolchain configure for an "x86_64-pc-cygwin" target to see why this is necessary. 2. The patch should include an update to ld/ld.texinfo describing the new command line option and when it should be used. 3. The patch needs a changelog entry, citing the author. You also need to make sure that the author has granted permission for this patch to be included in the binutils sources and he/she/it has assigned the copyright for the patch over to the FSF. With these changes I would be happy to accept the patches into the sources. Cheers Nick
--enable-reloc-section was implemented in https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=dc9bd8c92af67947db44b3cb428c050259b15cd0.
patch applied