strip segfaults on dietlibc-built executables

This change to gcc may be relevant:

gcc-4.3 (4.3.0-3ubuntu5) intrepid; urgency=low
  * debian/rules.patch: add security hardening compiler options:
    - gcc-relro-default: use -Wl,-z,relro by default.
    - gcc-format-security-default: use -Wformat -Wformat-security by default.
    - gcc-fortify-source-default: use -D_FORTIFY_SOURCE=2 by default.
 -- Kees Cook < <email address hidden>> Thu, 01 May 2008 15:04:12 -0700

It looks like this problem was encountered before with matrixssl (which uses dietlibc) given the following changelog:

matrixssl (1.8.5-1ubuntu1) intrepid; urgency=low
  * Add -Wl,-z,norelro to LDFLAGS, fix FTBFS while stripping binaries on
    i386 and amd64 architectures (Ubuntu toolchain issue only).
 -- Luca Falavigna < <email address hidden>> Fri, 25 Jul 2008 13:16:13 +0200

This problem causes dietlibc-dev to fail to build from source on Ubuntu intrepid on amd64 with the following error:

gcc -D__dietlibc__ -isystem include -Os -fstrict-aliasing -momit-leaf-frame-pointer -mfancy-math-387 -Wall -W -Wchar-subscripts -Wmissing-prototypes -Wmissing-declarations -Wno-switch -Wno-unused -Wredundant-decls -nostdlib -o bin-x86_64/diet bin-x86_64/start.o bin-x86_64/dyn_start.o diet.c bin-x86_64/dietlibc.a bin-x86_64/dyn_stop.o -DDIETHOME=\"/work/dietlibc-0.31\" -DVERSION=\"0.31-1ubuntu3\" -lgcc
strip -R .comment -R .note bin-x86_64/diet
make[1]: *** [bin-x86_64/diet] Segmentation fault (core dumped)
make[1]: *** Deleting file `bin-x86_64/diet'
make[1]: Leaving directory `/work/dietlibc-0.31'
make: *** [build-stamp] Error 2

Attached is a patch to fix this by adding the -Wl,-z,norelro option.

The previous patch fixes the FTBFS but is not enough to fix the original problem. The following patch changes the "diet" wrapper to add -Wl,-z,norelro as well.

Could you please try it on Jaunty too. I'm unable to reproduce it.

I can still reproduce the problem: it happens just as I described in the original report in a freshly-built amd64 jaunty chroot. Are you testing this on amd64? What output do you get from objdump?

Is there any reason you'd expect the problem to have gone away? dietlibc has not been changed since Ubuntu hardy but gcc presumably still adds the -Wl,-z,relro option. As far as I can remember, this option is not applicable to static executables. Maybe it could be considered a linker bug that it does not ignore the option when producing a static executable.

My fault, I am now able to reproduce it. I'll conduct some tests to see if this can be applied safely, dietlibc has several rdepends and they need to be checked carefully. Thanks!

This could be addressed in binutils directly, see http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/elf.c.diff?r1=1.466&r2=1.468&cvsroot=src&f=h.

Yes. That binutils fix was under this bug:
http://sourceware.org/bugzilla/show_bug.cgi?id=7011
(no mention of steps to reproduce though)
I also raised a bug on binutils myself:
http://sourceware.org/bugzilla/show_bug.cgi?id=7076
They are probably the same problem.

However, including a RELRO segment should not have any benefit for static executables because they are interpreted by the dynamic linker. See <http://www.airs.com/blog/archives/189> and <http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml#RELRO>.

This bug was fixed in the package binutils - 2.19.0.20090110-0ubuntu1

---------------
binutils (2.19.0.20090110-0ubuntu1) jaunty; urgency=low

  * Update to the binutils-2_19-branch 20090110.
    - Fix PR binutils/7011. LP: #254790.
  * debian/*.shlibs: Update to the version from the branch.

 -- Matthias Klose <email address hidden> Sat, 10 Jan 2009 13:47:35 +0100