Hey All,

I'm working on Cross-DSO CFI support in HardenedBSD. I've noticed
certain libraries do not like to be compiled with -flto, libc being
one of them. I'm scratching my head a bit, but unsure where to go from
here, so a little direction would be helpful.

In the hardened/current/cross-dso-cfi feature branch of the
hardenedBSD-playground repo[1], ld.lld, llvm-ar, llvm-nm, and
llvm-objdump are the default ld, ar/ranlib, nm, and objdump
respectively. The first step for Cross-DSO CFI support is compiling
all shared and static libraries with LTO.

I'm curious if this is a shortcoming of ld.lld and I should file a bug
with the llvm project (if one's not already filed). I've heard that
someone got FreeBSD compiled with LTO already, so I'm hoping to borrow
some of their expertise.

Here's a log of the build (warning: large file):
https://gist.githubusercontent.com/anonymous/f8617d629fd054479142cc4b6de3581e/raw/b94579fac987556c01ae0aab7e2943d25d27bcc4/libc.log

Essentially, the erroring lines are:

/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
swapcontext.pico: symbol swapcontext@@@FBSD_1.2 has undefined version @FBSD_1.2
/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
openat.pico: symbol openat@@@FBSD_1.2 has undefined version @FBSD_1.2
/usr/obj/scratch/src/cross-dso-cfi/amd64.amd64/tmp/usr/bin/ld: error: 
setcontext.pico: symbol setcontext@@@FBSD_1.2 has undefined version @FBSD_1.2

[1]: 
https://github.com/HardenedBSD/hardenedBSD-playground/tree/hardened/current/cross-dso-cfi

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

Attachment: signature.asc
Description: PGP signature

Reply via email to