Hey All,

I'm working on Cross-DSO CFI support in HardenedBSD. I've noticed certain libraries do not like to be compiled with -flto, libc being one of them. I'm scratching my head a bit, but unsure where to go from here, so a little direction would be helpful.

In the hardened/current/cross-dso-cfi feature branch of the hardenedBSD-playground repo[1], ld.lld, llvm-ar, llvm-nm, and llvm-objdump are the default ld, ar/ranlib, nm, and objdump respectively. The first step for Cross-DSO CFI support is compiling all shared and static libraries with LTO. I'm curious if this is a shortcoming of ld.lld and I should file a bug with the llvm project (if one's not already filed). I've heard that someone got FreeBSD compiled with LTO already, so I'm hoping to borrow some of their expertise.

Here's a log of the build (warning: large file):

https://gist.githubusercontent.com/anonymous/f8617d629fd054479142cc4b6de3581e/raw/b94579fac987556c01ae0aab7e2943d25d27bcc4/libc.log

Essentially, the erroring lines are:

/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: swapcontext.pico: symbol swapcontext@@@FBSD_1.2 has undefined version @FBSD_1.2
/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: openat.pico: symbol openat@@@FBSD_1.2 has undefined version @FBSD_1.2
/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: setcontext.pico: symbol setcontext@@@FBSD_1.2 has undefined version @FBSD_1.2

[1]: https://github.com/HardenedBSD/hardenedBSD-playground/tree/hardened/current/cross-dso-cfi

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE