[Bug c/117739] New: gcc -fhardened -Wl,-z,lazy unexpectadly links binary with immediate binding (-z now)

dimitri.ledkov at surgut dot co.uk via Gcc-bugs Fri, 22 Nov 2024 13:09:10 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117739


            Bug ID: 117739
           Summary: gcc -fhardened -Wl,-z,lazy unexpectadly links binary
                    with immediate binding (-z now)
           Product: gcc
           Version: 14.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: dimitri.ledkov at surgut dot co.uk
  Target Milestone: ---

Given a trivial c source code

# cat >hello.c <<"EOF"
      #include <alloca.h>
      #include <stdio.h>
      #include <string.h>
      int main(int argc, char* argv[]) {
          printf("hello-c");
          char buffer[5000];
          strcpy(buffer, argv[0]);
          char* dynbuffer = alloca(argc * 1000);
          strcpy(dynbuffer, argv[0]);
          return buffer[argc] + dynbuffer[argc];
      }
EOF


This compilation uses lazy binding

# /usr/bin/gcc -Wl,-z,lazy -o hello-lazy hello.c
# hardening-check hello-lazy 
hello-lazy:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: no, not found!
 Stack clash protection: unknown, no -fstack-clash-protection instructions
found
 Control flow integrity: no, not found!

Adding -fhardened negates the manually passed lazy flag. And results in a
binary with an "immediate binding: yes".

# /usr/bin/gcc -fhardened -Wl,-z,lazy -o hello-lazy hello.c
cc1: warning: '_FORTIFY_SOURCE' is not enabled by '-fhardened' because
optimizations are turned off [-Whardened]
# hardening-check hello-lazy 
hello-lazy:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: no, only unprotected functions found!
 Read-only relocations: yes
 Immediate binding: yes
 Stack clash protection: yes
 Control flow integrity: yes

Is it at all possible to use "-fhardened" and yet opt-into lazy binding?

Adding `-v` shows that there is always a trailing `-z now`, irrespective of the
order of when `-fhardened` is specified.

Note the "-z lazy /tmp/ccAfv8z8.o -z now -z relro" in the below output.

# /usr/bin/gcc -v -fhardened -Wl,-z,lazy -o hello-lazy hello.c
Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/14/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: ../configure --prefix=/usr --disable-nls --disable-werror
--with-pkgversion='Wolfi 14.2.0-r5' --with-glibc-version=2.39
--enable-initfini-array --disable-nls --disable-multilib --enable-host-shared
--enable-host-pie --enable-host-bind-now --enable-shared --enable-threads
--enable-tls --enable-default-pie --enable-default-ssp --with-system-zlib
--with-arch=x86-64-v2 --with-tune=sapphirerapids
--enable-languages=c,c++,fortran,jit,go --enable-bootstrap
--enable-gnu-indirect-function --enable-gnu-unique-object --enable-cet=auto
--enable-link-mutex --with-gcc-major-version-only --with-linker-hash-style=gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 14.2.0 (Wolfi 14.2.0-r5) 
COLLECT_GCC_OPTIONS='-v' '-fhardened' '-o' 'hello-lazy' '-pie'
'-mtune=sapphirerapids' '-march=x86-64-v2' '-dumpdir' 'hello-lazy-'
 /usr/libexec/gcc/x86_64-pc-linux-gnu/14/cc1 -quiet -v hello.c -quiet -dumpdir
hello-lazy- -dumpbase hello.c -dumpbase-ext .c -mtune=sapphirerapids
-march=x86-64-v2 -version -fhardened -o /tmp/ccBXY5Fa.s
GNU C17 (Wolfi 14.2.0-r5) version 14.2.0 (x86_64-pc-linux-gnu)
        compiled by GNU C version 14.2.0, GMP version 6.3.0, MPFR version
4.2.1, MPC version 1.3.1, isl version isl-0.27-GMP

GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
ignoring nonexistent directory "/usr/local/include"
ignoring nonexistent directory
"/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/lib/gcc/x86_64-pc-linux-gnu/14/include
 /usr/lib/gcc/x86_64-pc-linux-gnu/14/include-fixed
 /usr/include
End of search list.
Compiler executable checksum: 95d77264d79a95d022166a5c691d1df2
cc1: warning: '_FORTIFY_SOURCE' is not enabled by '-fhardened' because
optimizations are turned off [-Whardened]
COLLECT_GCC_OPTIONS='-v' '-fhardened' '-o' 'hello-lazy' '-pie'
'-mtune=sapphirerapids' '-march=x86-64-v2' '-dumpdir' 'hello-lazy-'
 /usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/as -v
--64 -o /tmp/ccAfv8z8.o /tmp/ccBXY5Fa.s
GNU assembler version 2.43.1 (x86_64-pc-linux-gnu) using BFD version (GNU
Binutils) 2.43.1
COMPILER_PATH=/usr/libexec/gcc/x86_64-pc-linux-gnu/14/:/usr/libexec/gcc/x86_64-pc-linux-gnu/14/:/usr/libexec/gcc/x86_64-pc-linux-gnu/:/usr/lib/gcc/x86_64-pc-linux-gnu/14/:/usr/lib/gcc/x86_64-pc-linux-gnu/:/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/bin/
LIBRARY_PATH=/usr/lib/gcc/x86_64-pc-linux-gnu/14/:/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../lib64/:/lib/../lib64/:/usr/lib/../lib64/:/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/lib/:/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../:/lib/:/usr/lib/
COLLECT_GCC_OPTIONS='-v' '-fhardened' '-o' 'hello-lazy' '-pie'
'-mtune=sapphirerapids' '-march=x86-64-v2' '-dumpdir' 'hello-lazy.'
 /usr/libexec/gcc/x86_64-pc-linux-gnu/14/collect2 -plugin
/usr/libexec/gcc/x86_64-pc-linux-gnu/14/liblto_plugin.so
-plugin-opt=/usr/libexec/gcc/x86_64-pc-linux-gnu/14/lto-wrapper
-plugin-opt=-fresolution=/tmp/cc73qvwN.res -plugin-opt=-pass-through=-lgcc
-plugin-opt=-pass-through=-lgcc_s -plugin-opt=-pass-through=-lc
-plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_s
--eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker
/lib64/ld-linux-x86-64.so.2 -pie -o hello-lazy
/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../lib64/Scrt1.o
/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../lib64/crti.o
/usr/lib/gcc/x86_64-pc-linux-gnu/14/crtbeginS.o
-L/usr/lib/gcc/x86_64-pc-linux-gnu/14
-L/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../lib64 -L/lib/../lib64
-L/usr/lib/../lib64
-L/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../x86_64-pc-linux-gnu/lib
-L/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../.. -z lazy /tmp/ccAfv8z8.o -z now
-z relro -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc
--push-state --as-needed -lgcc_s --pop-state
/usr/lib/gcc/x86_64-pc-linux-gnu/14/crtendS.o
/usr/lib/gcc/x86_64-pc-linux-gnu/14/../../../../lib64/crtn.o
COLLECT_GCC_OPTIONS='-v' '-fhardened' '-o' 'hello-lazy' '-pie'
'-mtune=sapphirerapids' '-march=x86-64-v2' '-dumpdir' 'hello-lazy.'

[Bug c/117739] New: gcc -fhardened -Wl,-z,lazy unexpectadly links binary with immediate binding (-z now)

Reply via email to