Closed Bug 1482268 Opened 3 years ago Closed 3 years ago
Builds with LLD don't have RELRO
46 bytes, text/x-phabricator-request
|Details | Review|
By pure chance, I found that stripping lld-linked binaries removes the GNU_RELRO segment, removing the hardening from bug 1359912. This seems like a bug in binutils, and upgrading binutils should be enough, but since that changes many things, we need to handle this with care.
All the Linux builds using GCC uses the binutils bundled with GCC. This gives us some leeway to update the binutils used for clang builds (using the binutils toolchain as of bug 1486998) separately. Since we only ship builds using GCC, we're more free to upgrade binutils for clang builds, without worrying about the next merge. This upgrades to the last released version of binutils, and applies the patch from https://sourceware.org/bugzilla/show_bug.cgi?id=23591 on top, so that asan fuzzing builds don't fail. The GPG key used to sign the upstream tarball is unfortunately not connected to the web of trust. I verified the contents matched what's in the Debian archive (which has a different tarball, because some files are removed/modified in Debian for license reasons ; there were no differences besides those). Depends on D4740
Comment on attachment 9005576 [details] Bug 1482268 - Upgrade binutils for clang builds to 2.31.1. Nathan Froyd [:froydnj] has approved the revision.
Attachment #9005576 - Flags: review+
Attachment #9005576 - Attachment description: Bug 1482268 - Upgrade binutils for clang builds to 2.31.1. r?build → Bug 1482268 - Upgrade binutils for clang builds to 2.31.1.
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/f3caf291fde8 Upgrade binutils for clang builds to 2.31.1. r=froydnj
You need to log in before you can comment on or make changes to this bug.