<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - objcopy and strip get rid of the GNU_RELRO program header for binaries produced by lld"
href="https://bugs.llvm.org/show_bug.cgi?id=37473">37473</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>objcopy and strip get rid of the GNU_RELRO program header for binaries produced by lld
</td>
</tr>
<tr>
<th>Product</th>
<td>lld
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>ELF
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ppadevski@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Suppose I have 3 files - f.h, f.cpp and main.cpp. I can add the contents if
necessary. I want to use full RELRO. checkrelro.sh comes from here
<a href="http://www.trapkit.de/tools/checkrelro.sh">http://www.trapkit.de/tools/checkrelro.sh</a>
<span class="quote">>mkdir -p build</span >
>
<span class="quote">>./c++ -o build/main.o -c -g -fPIC main.cpp
>./c++ -o build/foo.o -c -g -fPIC foo.cpp
>./c++ -o build/libfoo.so -Wl,--hash-style=gnu -Wl,-O2 -Wl,-z,relro -Wl,-z,now -shared build/foo.o
>./c++ -o build/a.out -pie -Wl,--hash-style=gnu -Wl,-O2 -Wl,-z,relro -Wl,-z,now build/main.o -Lbuild -lfoo</span >
>
>
<span class="quote">>./checkrelro.sh --file build/libfoo.so</span >
>
<span class="quote">>echo 'objcopy --only-keep-debug'
>objcopy --only-keep-debug build/libfoo.so build/libfoo.so.debug
>./checkrelro.sh --file build/libfoo.so</span >
>
<span class="quote">>echo 'objcopy -R .gnu_debuglink'
>objcopy -R .gnu_debuglink --add-gnu-debuglink=build/libfoo.so.debug build/libfoo.so
>./checkrelro.sh --file build/libfoo.so</span >
>
<span class="quote">>echo 'strip'
>strip build/libfoo.so -o build/libfoo.so.stripped
>./checkrelro.sh --file build/libfoo.so
>./checkrelro.sh --file build/libfoo.so.stripped</span >
>
>
<span class="quote">>./checkrelro.sh --file build/a.out</span >
>
<span class="quote">>echo 'objcopy --only-keep-debug'
>objcopy --only-keep-debug build/a.out build/a.out.debug
>./checkrelro.sh --file build/a.out</span >
>
<span class="quote">>echo 'objcopy -R .gnu_debuglink'
>objcopy -R .gnu_debuglink --add-gnu-debuglink=build/a.out.debug build/a.out
>./checkrelro.sh --file build/a.out</span >
>
<span class="quote">>echo 'strip'
>strip build/a.out -o build/a.out.stripped
>./checkrelro.sh --file build/a.out
>./checkrelro.sh --file build/a.out.stripped</span >
With gcc 6.4 and ld.bfd I get
<span class="quote">> build/libfoo.so - full RELRO
> objcopy --only-keep-debug
> build/libfoo.so - full RELRO
> objcopy -R .gnu_debuglink
> build/libfoo.so - full RELRO
> strip
> build/libfoo.so - full RELRO
> build/libfoo.so.stripped - full RELRO
> build/a.out - full RELRO
> objcopy --only-keep-debug
> build/a.out - full RELRO
> objcopy -R .gnu_debuglink
> build/a.out - full RELRO
> strip
> build/a.out - full RELRO
> build/a.out.stripped - full RELRO</span >
With gcc 6.4 and ld.lld I get
<span class="quote">> build/libfoo.so - full RELRO
> objcopy --only-keep-debug
> build/libfoo.so - full RELRO
> objcopy -R .gnu_debuglink
> build/libfoo.so - no RELRO
> strip
> build/libfoo.so - no RELRO
> build/libfoo.so.stripped - no RELRO
> build/a.out - full RELRO
> objcopy --only-keep-debug
> build/a.out - full RELRO
> objcopy -R .gnu_debuglink
> build/a.out - no RELRO
> strip
> build/a.out - no RELRO
> build/a.out.stripped - no RELRO</span >
It seems that both objcopy and strip get rid of the GNU_RELRO program header
which is very very unfortunate. Is there a remedy for that?</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>