-
Notifications
You must be signed in to change notification settings - Fork 12.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sess: stabilize -Zrelro-level
as -Crelro-level
#121694
Conversation
Stabilization reportRELRO (Relocation Read-Only) is a binary hardening technique, it makes the Global Offset Table (GOT) read-only (preventing some avenues of exploitation). Roughly speaking, calls to functions from dynamic libraries are implemented using the Global Offset Table (GOT) and Procedure Linking Table (PLT) in an ELF file. A call to This scheme necessitates that the GOT is writable, which opens up the possibility for exploitation. Full RELRO resolves all the function addresses when the program is initially loaded and populates the GOT eagerly - this uses more memory and increases process startup time - but it allows the GOT to be made read-only (both rustc allows configuration of RELRO levels with This feature has been implemented since 2017 and has been enabled by default for most platforms on which it is enabled since that initial implementation. If we don't enable RELRO by default on a target, then users have no way of requesting it on stable toolchains. If RELRO is undesirable, then users have no way of disabling it on stable toolchains. As per other platform-specific codegen flags, this option is ignored on those targets (e.g. like TestsHistory
Unresolved questions
|
r? @JohnTitor rustbot has assigned @JohnTitor. Use r? to explicitly pick a reviewer |
This comment has been minimized.
This comment has been minimized.
208a913
to
8642db2
Compare
Some questions:
|
This does just pass flags to the linker. It would be useful with As far as I can tell, RELRO can be applied to shared objects as well as binaries, so you could have
From a cursory review of tier 2+ targets, it seems like we don't enable Full RELRO by default on Windows, Solaris/Illumos, Apple, Fuchsia, WebAssembly, and |
I don't think I'm a good reviewer here, r? @Mark-Simulacrum |
Makes sense.
I'd imagine Windows has some equivalent, but I guess we don't have to expose it all under the same flag, especially if the defaults are mostly on the "secure" side of things rather than not. @davidtwco do you want to kick off FCP? I don't think I can do that myself. |
@rfcbot fcp merge |
Team member @davidtwco has proposed to merge this. The next step is review by the rest of the tagged team members:
No concerns currently listed. Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
Signed-off-by: David Wood <[email protected]>
8642db2
to
420c58f
Compare
🔔 This is now entering its final comment period, as per the review above. 🔔 |
The final comment period, with a disposition to merge, as per the review above, is now complete. As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed. This will be merged soon. |
@Mark-Simulacrum this is ready to be reviewed and approved now that the FCP has finished |
@bors r+ rollup |
…llaumeGomez Rollup of 14 pull requests Successful merges: - rust-lang#120781 (Correct usage note on OpenOptions::append()) - rust-lang#121694 (sess: stabilize `-Zrelro-level` as `-Crelro-level`) - rust-lang#122521 (doc(bootstrap): add top-level doc-comment to utils/tarball.rs) - rust-lang#123491 (Fix ICE in `eval_body_using_ecx`) - rust-lang#123574 (rustdoc: rename `issue-\d+.rs` tests to have meaningful names (part 6)) - rust-lang#123687 (Update ar_archive_writer to 0.2.0) - rust-lang#123721 (Various visionOS fixes) - rust-lang#123797 (Better graphviz output for SCCs and NLL constraints) - rust-lang#123990 (Make `suggest_deref_closure_return` more idiomatic/easier to understand) - rust-lang#123995 (Make `thir_tree` and `thir_flat` into hooks) - rust-lang#123998 (Opaque types have no namespace) - rust-lang#124001 (Fix docs for unstable_features lint.) - rust-lang#124006 (Move size assertions for `mir::syntax` types into the same file) - rust-lang#124011 (rustdoc: update the module-level docs of `rustdoc::clean`) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of rust-lang#121694 - davidtwco:stabilize-relro-level, r=Mark-Simulacrum sess: stabilize `-Zrelro-level` as `-Crelro-level` Stabilise `-Zrelro-level` as `-Crelro-level`. There's no tracking issue for this flag to close.
Stabilise
-Zrelro-level
as-Crelro-level
. There's no tracking issue for this flag to close.