diff options
| author | Jan Beulich <jbeulich@suse.com> | 2025-04-14 14:24:28 +0200 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2025-04-14 14:24:28 +0200 |
| commit | f47975106fc439d0ddc65bb7850f1a1d68c93e78 (patch) | |
| tree | b641b19e6875003e3b200313d86e791b521c187d | |
| parent | 8fa7162be556f60fdbd146d2a38c1c7e776ead36 (diff) | |
| download | binutils-f47975106fc439d0ddc65bb7850f1a1d68c93e78.zip binutils-f47975106fc439d0ddc65bb7850f1a1d68c93e78.tar.gz binutils-f47975106fc439d0ddc65bb7850f1a1d68c93e78.tar.bz2 | |
ld/PE: restrict non-zero default DLL characteristics to MinGW
While commit ef6379e16dd1 ("Set the default DLL chracteristics to 0 for
Cygwin based targets") tried to undo the too broad earlier 514b4e191d5f
("Change the default characteristics of DLLs built by the linker to more
secure settings"), it didn't go quite far enough. Apparently the
assumption was that if it's not MinGW, it must be Cygwin. Whether it
really is okay to default three of the flags to non-zero on MinGW also
remains unclear - sadly neither of the commits came with any description
whatsoever. (Documentation also wasn't updated to indicate the restored
default.)
Setting effectively any of the DLL characteristics flags depends on
properties of the binary being linked. While defaulting to "more secure"
is a fair goal, it's only the programmer who can know whether their code
is actually compatible with the respective settings. On the assumption
that the change of defaults was indeed deliberate (and justifiable) for
MinGW, limit them to just that. In particular, don't default any of the
flags to set also for non-MinGW, non-Cygwin targets, like e.g. UEFI. At
least the mere applicability of the high-entropy-VA bit is pretty
questionable there in the first place - UEFI applications, after all,
run in "physical mode", i.e. either unpaged or (where paging is a
requirement, like for x86-64) direct-mapped.
The situation is particularly problematic with NX-compat: Many UEFI
implementations respect the "physical mode" property, where permissions
can't be enforced anyway. Some, like reportedly OVMF, even have a build
option to behave either way. Hence successfully testing a UEFI binary on
any number of systems does not guarantee it won't crash elsewhere if the
flag is wrongly set.
Get rid of excess semicolons as well.
| -rw-r--r-- | ld/emultempl/pe.em | 13 | ||||
| -rw-r--r-- | ld/emultempl/pep.em | 19 | ||||
| -rw-r--r-- | ld/ld.texi | 11 |
3 files changed, 25 insertions, 18 deletions
diff --git a/ld/emultempl/pe.em b/ld/emultempl/pe.em index 9a2b576..50bb082 100644 --- a/ld/emultempl/pe.em +++ b/ld/emultempl/pe.em @@ -7,11 +7,11 @@ else fi case ${target} in - *-*-cygwin*) - cygwin_behavior=1 + *-*-mingw*) + mingw_behavior=1 ;; *) - cygwin_behavior=0; + mingw_behavior=0 ;; esac @@ -126,9 +126,10 @@ fragment <<EOF #define DEFAULT_PSEUDO_RELOC_VERSION 1 #endif -#define DEFAULT_DLL_CHARACTERISTICS (${cygwin_behavior} ? 0 : \ - IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE \ - | IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) +#define DEFAULT_DLL_CHARACTERISTICS (${mingw_behavior} \ + ? IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE \ + | IMAGE_DLL_CHARACTERISTICS_NX_COMPAT \ + : 0) #if defined(TARGET_IS_i386pe) || ! defined(DLL_SUPPORT) #define PE_DEF_SUBSYSTEM IMAGE_SUBSYSTEM_WINDOWS_CUI diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em index 440c0bf..60a8339 100644 --- a/ld/emultempl/pep.em +++ b/ld/emultempl/pep.em @@ -9,11 +9,15 @@ fi case ${target} in *-*-cygwin*) move_default_addr_high=1 - cygwin_behavior=1 + mingw_behavior=0 + ;; + *-*-mingw*) + move_default_addr_high=0 + mingw_behavior=1 ;; *) - move_default_addr_high=0; - cygwin_behavior=0; + move_default_addr_high=0 + mingw_behavior=0 ;; esac @@ -126,10 +130,11 @@ fragment <<EOF #define DLL_SUPPORT #endif -#define DEFAULT_DLL_CHARACTERISTICS (${cygwin_behavior} ? 0 : \ - IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE \ - | IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA \ - | IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) +#define DEFAULT_DLL_CHARACTERISTICS (${mingw_behavior} \ + ? IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE \ + | IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA \ + | IMAGE_DLL_CHARACTERISTICS_NX_COMPAT \ + : 0) #if defined(TARGET_IS_i386pep) || defined(COFF_WITH_peAArch64) || ! defined(DLL_SUPPORT) #define PE_DEF_SUBSYSTEM IMAGE_SUBSYSTEM_WINDOWS_CUI @@ -3781,7 +3781,8 @@ of the PE file header: @item --high-entropy-va @itemx --disable-high-entropy-va Image is compatible with 64-bit address space layout randomization -(ASLR). This option is enabled by default for 64-bit PE images. +(ASLR). This option is enabled by default for 64-bit PE images in +MinGW targets. This option also implies @option{--dynamicbase} and @option{--enable-reloc-section}. @@ -3791,9 +3792,9 @@ This option also implies @option{--dynamicbase} and @itemx --disable-dynamicbase The image base address may be relocated using address space layout randomization (ASLR). This feature was introduced with MS Windows -Vista for i386 PE targets. This option is enabled by default but -can be disabled via the @option{--disable-dynamicbase} option. -This option also implies @option{--enable-reloc-section}. +Vista for i386 PE targets. This option is enabled by default for MinGW +targets but can be disabled via the @option{--disable-dynamicbase} +option. This option also implies @option{--enable-reloc-section}. @kindex --forceinteg @item --forceinteg @@ -3806,7 +3807,7 @@ default. @item --disable-nxcompat The image is compatible with the Data Execution Prevention. This feature was introduced with MS Windows XP SP2 for i386 PE -targets. The option is enabled by default. +targets. The option is enabled by default for MinGW targets. @kindex --no-isolation @item --no-isolation |