static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Samuel Thibault]

Hello,

We're seeing a missing _DYNAMIC symbol here:

https://buildd.debian.org/status/fetch.php?pkg=gnupg2&arch=hurd-i386&ver=2.2.40-1&stamp=1666261690&raw=0

which is leaving me completely confused.


gcc -I/usr/include  -I/usr/include  -Wall -Wno-format-zero-length -Wno-pointer-sign -Wpointer-arith -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security  -Wl,-z,relro -Wl,-z,now -pie -static -o gpgv gpgv.o build-packet.o compress.o  free-packet.o getkey.o keydb.o keyring.o seskey.o kbnode.o mainproc.o armor.o mdfilter.o textfilter.o progress.o misc.o rmd160.o openfile.o keyid.o parse-packet.o cpr.o plaintext.o sig-check.o keylist.o pkglue.o ecdh.o verify.o ../kbx/libkeybox.a ../common/libcommon.a ../regexp/libregexp.a ../common/libgpgrl.a -lz   -L/usr/lib/i386-gnu -lgcrypt -L/usr/lib/i386-gnu -lgpg-error
[...]
/usr/bin/ld: /usr/lib/i386-gnu/libcrt.a(dl-reloc-static-pie.o): in function `_dl_relocate_static_pie':
(.text+0x31): undefined reference to `_DYNAMIC'

So this is static pie (-pie -static), and I'm getting just the same
issue with a mere int main(void) {} built with -static -pie.


When debugging a bit on Debian Hurd:

$ gcc test.o -o test -pie -static -v
[...]
 /usr/lib/gcc/i686-gnu/12/collect2 -plugin /usr/lib/gcc/i686-gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/i686-gnu/12/lto-wrapper -plugin-opt=-fresolution=/tmp/ccR0YAaP.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --build-id -m elf_i386 --hash-style=gnu --as-needed -static -o test /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/Scrt1.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crti.o /usr/lib/gcc/i686-gnu/12/crtbeginT.o -L/usr/lib/gcc/i686-gnu/12 -L/usr/lib/gcc/i686-gnu/12/../../../i386-gnu -L/usr/lib/gcc/i686-gnu/12/../../.. -L/lib/i386-gnu -L/usr/lib/i386-gnu test.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/i686-gnu/12/crtend.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crtn.o

So this is using Scrt1.o, which doesn't surprise me since we're linking
with pie. Scrt1.o doesn't define _dl_relocate_static_pie, so I'm not
surprised that the link then pulls dl-reloc-static-pie.o from libc.a,
which thus requires _DYNAMIC, but that's not defined...


Testing this on Debian Linux:

$ gcc test.o -o test -pie -static -v
[...]
 /usr/lib/gcc/x86_64-linux-gnu/12/collect2 -plugin /usr/lib/gcc/x86_64-linux-gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/12/lto-wrapper -plugin-opt=-fresolution=/tmp/ccHeGHCw.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --build-id -m elf_x86_64 --hash-style=gnu --as-needed -static -o test /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/crt1.o /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/12/crtbeginT.o -L/usr/lib/gcc/x86_64-linux-gnu/12 -L/usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/12/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/12/../../.. test.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/x86_64-linux-gnu/12/crtend.o /usr/lib/gcc/x86_64-linux-gnu/12/../../../x86_64-linux-gnu/crtn.o

This is using crt1.o rather than Scrt1.o, why?
Since crt1.o defines _dl_relocate_static_pie (to a trivial ret),
dl-reloc-static-pie.o doesn't get pulled and thus no problem there. But
isn't Scrt1.o supposed to be used and _dl_relocate_static_pie supposed
to actually do some work?


Trying the resulting binary of this source:

#include <stdio.h>
int main(void) { printf("%p\n", printf); }

$ ./test
0x4096c0
$ ./test
0x4096c0

so this is actually missing the whole point of using PIE: ASLR. So
something looks completely wrong here?

Samuel

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Xi Ruoyao]

On Sat, 2022-10-22 at 16:06 +0200, Samuel Thibault wrote:
> Hello,
> 
> We're seeing a missing _DYNAMIC symbol here:
> 
> https://buildd.debian.org/status/fetch.php?pkg=gnupg2&arch=hurd-i386&ver=2.2.40-1&stamp=1666261690&raw=0
> 
> which is leaving me completely confused.
> 
> 
> gcc -I/usr/include  -I/usr/include  -Wall -Wno-format-zero-length -
> Wno-pointer-sign -Wpointer-arith -g -O2 -ffile-prefix-
> map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -
> Werror=format-security  -Wl,-z,relro -Wl,-z,now -pie -static -o gpgv
> gpgv.o build-packet.o compress.o  free-packet.o getkey.o keydb.o
> keyring.o seskey.o kbnode.o mainproc.o armor.o mdfilter.o textfilter.o
> progress.o misc.o rmd160.o openfile.o keyid.o parse-packet.o cpr.o
> plaintext.o sig-check.o keylist.o pkglue.o ecdh.o verify.o
> ../kbx/libkeybox.a ../common/libcommon.a ../regexp/libregexp.a
> ../common/libgpgrl.a -lz   -L/usr/lib/i386-gnu -lgcrypt -
> L/usr/lib/i386-gnu -lgpg-error
> [...]
> /usr/bin/ld: /usr/lib/i386-gnu/libcrt.a(dl-reloc-static-pie.o): in
> function `_dl_relocate_static_pie':
> (.text+0x31): undefined reference to `_DYNAMIC'
> 
> So this is static pie (-pie -static)

No it's not.  The GCC option for static PIE is -static-pie (no
whitespace between -static and -pie), not -pie -static.  See the
example:

$ cc hw.c -pie -static
$ file a.out 
a.out: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux),
statically linked, for GNU/Linux 5.19.0, with debug_info, not stripped
$ cc hw.c -static-pie 
$ file a.out
a.out: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux),
static-pie linked, for GNU/Linux 5.19.0, with debug_info, not stripped

> and I'm getting just the same
> issue with a mere int main(void) {} built with -static -pie.
> 
> 
> When debugging a bit on Debian Hurd:
> 
> $ gcc test.o -o test -pie -static -v
> [...]
>  /usr/lib/gcc/i686-gnu/12/collect2 -plugin /usr/lib/gcc/i686-
> gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/i686-gnu/12/lto-
> wrapper -plugin-opt=-fresolution=/tmp/ccR0YAaP.res -plugin-opt=-pass-
> through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-
> through=-lc --build-id -m elf_i386 --hash-style=gnu --as-needed -
> static -o test /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/Scrt1.o
> /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crti.o /usr/lib/gcc/i686-
> gnu/12/crtbeginT.o -L/usr/lib/gcc/i686-gnu/12 -L/usr/lib/gcc/i686-
> gnu/12/../../../i386-gnu -L/usr/lib/gcc/i686-gnu/12/../../.. -
> L/lib/i386-gnu -L/usr/lib/i386-gnu test.o --start-group -lgcc -lgcc_eh
> -lc --end-group /usr/lib/gcc/i686-gnu/12/crtend.o /usr/lib/gcc/i686-
> gnu/12/../../../i386-gnu/crtn.o
> 
> So this is using Scrt1.o

A static PIE should use rcrt1.o.  If you pass the correct -static-pie
option to GCC, GCC will use it.

-- 
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Samuel Thibault]

Hello,

Xi Ruoyao, le sam. 22 oct. 2022 22:25:42 +0800, a ecrit:
> On Sat, 2022-10-22 at 16:06 +0200, Samuel Thibault wrote:
> > https://buildd.debian.org/status/fetch.php?pkg=gnupg2&arch=hurd-i386&ver=2.2.40-1&stamp=1666261690&raw=0
> > 
> > which is leaving me completely confused.
> > 
> > 
> > gcc -I/usr/include  -I/usr/include  -Wall -Wno-format-zero-length -
> > Wno-pointer-sign -Wpointer-arith -g -O2 -ffile-prefix-
> > map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -
> > Werror=format-security  -Wl,-z,relro -Wl,-z,now -pie -static -o gpgv
> > gpgv.o build-packet.o compress.o  free-packet.o getkey.o keydb.o
> > keyring.o seskey.o kbnode.o mainproc.o armor.o mdfilter.o textfilter.o
> > progress.o misc.o rmd160.o openfile.o keyid.o parse-packet.o cpr.o
> > plaintext.o sig-check.o keylist.o pkglue.o ecdh.o verify.o
> > ../kbx/libkeybox.a ../common/libcommon.a ../regexp/libregexp.a
> > ../common/libgpgrl.a -lz   -L/usr/lib/i386-gnu -lgcrypt -
> > L/usr/lib/i386-gnu -lgpg-error
> > 
> > So this is static pie (-pie -static)
> 
> No it's not.  The GCC option for static PIE is -static-pie (no
> whitespace between -static and -pie), not -pie -static.

Oh.

Is it not possible to make -static -pie get the same behavior? That'd be
way more orthogonal for people to understand.

As the gnupg example shows, people seem to be expecting it to be
static-pie, and I don't think documentation will manage to fix that.

> > So this is using Scrt1.o
> 
> A static PIE should use rcrt1.o.  If you pass the correct -static-pie
> option to GCC, GCC will use it.

Ok.

$ gcc test.o -o test -static-pie -v
[...]
 /usr/lib/gcc/i686-gnu/12/collect2 -plugin /usr/lib/gcc/i686-gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/i686-gnu/12/lto-wrapper -plugin-opt=-fresolution=/tmp/cclPHnby.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --build-id --eh-frame-hdr -m elf_i386 --hash-style=gnu --as-needed -static -pie --no-dynamic-linker -z text -pie -o test /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crt1.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crti.o /usr/lib/gcc/i686-gnu/12/crtbegin.o -L/usr/lib/gcc/i686-gnu/12 -L/usr/lib/gcc/i686-gnu/12/../../../i386-gnu -L/usr/lib/gcc/i686-gnu/12/../../.. -L/lib/i386-gnu -L/usr/lib/i386-gnu test.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/i686-gnu/12/crtendS.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crtn.o

That doesn't seem to have been fixed for the hurd case, I will have
a look (and that will most probably point me to the piece that makes
-static -pie use crt1.o on Linux).

Samuel

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Xi Ruoyao]

On Sat, 2022-10-22 at 16:45 +0200, Samuel Thibault wrote:

/* snip */

> > > So this is static pie (-pie -static)
> > 
> > No it's not.  The GCC option for static PIE is -static-pie (no
> > whitespace between -static and -pie), not -pie -static.
> 
> Oh.
> 
> Is it not possible to make -static -pie get the same behavior? That'd be
> way more orthogonal for people to understand.
> 
> As the gnupg example shows, people seem to be expecting it to be
> static-pie, and I don't think documentation will manage to fix that.

I'm not sure.

> > 
> > A static PIE should use rcrt1.o.  If you pass the correct -static-pie
> > option to GCC, GCC will use it.
> 
> Ok.
> 
> $ gcc test.o -o test -static-pie -v
> [...]
>  /usr/lib/gcc/i686-gnu/12/collect2 -plugin /usr/lib/gcc/i686-gnu/12/liblto_plugin.so -plugin-opt=/usr/lib/gcc/i686-gnu/12/lto-wrapper -plugin-opt=-fresolution=/tmp/cclPHnby.res -plugin-opt=-pass-through=-lgcc -plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --build-id --eh-frame-hdr -m elf_i386 --hash-style=gnu --as-needed -static -pie --no-dynamic-linker -z text -pie -o test /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crt1.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crti.o /usr/lib/gcc/i686-gnu/12/crtbegin.o -L/usr/lib/gcc/i686-gnu/12 -L/usr/lib/gcc/i686-gnu/12/../../../i386-gnu -L/usr/lib/gcc/i686-gnu/12/../../.. -L/lib/i386-gnu -L/usr/lib/i386-gnu test.o --start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/i686-gnu/12/crtendS.o /usr/lib/gcc/i686-gnu/12/../../../i386-gnu/crtn.o
> 
> That doesn't seem to have been fixed for the hurd case, I will have
> a look (and that will most probably point me to the piece that makes
> -static -pie use crt1.o on Linux).

Hmm, I don't have a Hurd.  On a Linux though:

$ cc hw.c -v -static-pie 2>&1 | grep collect2
 /usr/libexec/gcc/x86_64-pc-linux-gnu/12.2.0/collect2 -plugin
/usr/libexec/gcc/x86_64-pc-linux-gnu/12.2.0/liblto_plugin.so -plugin-
opt=/usr/libexec/gcc/x86_64-pc-linux-gnu/12.2.0/lto-wrapper -plugin-
opt=-fresolution=/tmp/ccZqWxf9.res -plugin-opt=-pass-through=-lgcc -
plugin-opt=-pass-through=-lgcc_eh -plugin-opt=-pass-through=-lc --eh-
frame-hdr -m elf_x86_64 -static -pie --no-dynamic-linker -z text -pie
/usr/lib/gcc/x86_64-pc-linux-gnu/12.2.0/../../../../lib/rcrt1.o 
                                                        ^^^^^^^
/usr/lib/gcc/x86_64-pc-linux-gnu/12.2.0/../../../../lib/crti.o
/usr/lib/gcc/x86_64-pc-linux-gnu/12.2.0/crtbeginS.o -
L/usr/lib/gcc/x86_64-pc-linux-gnu/12.2.0 -L/usr/lib/gcc/x86_64-pc-linux-
gnu/12.2.0/../../../../lib -L/lib/../lib -L/usr/lib/../lib -
L/usr/lib/gcc/x86_64-pc-linux-gnu/12.2.0/../../.. /tmp/ccMPRUc3.o --
start-group -lgcc -lgcc_eh -lc --end-group /usr/lib/gcc/x86_64-pc-linux-
gnu/12.2.0/crtendS.o /usr/lib/gcc/x86_64-pc-linux-
gnu/12.2.0/../../../../lib/crtn.o

What does

  gcc -dumpspecs | grep 'startfile:' -A1

say on Hurd?

-- 
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Samuel Thibault]

Xi Ruoyao, le dim. 23 oct. 2022 10:08:34 +0800, a ecrit:
> On Sat, 2022-10-22 at 16:45 +0200, Samuel Thibault wrote:
> > Is it not possible to make -static -pie get the same behavior? That'd be
> > way more orthogonal for people to understand.
> > 
> > As the gnupg example shows, people seem to be expecting it to be
> > static-pie, and I don't think documentation will manage to fix that.
> 
> I'm not sure.

It would be really useful to it works, because I see that e.g. on a
pie-by-default distribution such as Debian, when linking with just
-static, we don't get the static-pie benefit, even if the distribution
already enabled pie by default to benefit from ASLR. I.e. we don't
automatically benefit from static-pie's ASLR for static binaries, and
fixing that would be very tedious since it'd mean having to fix each and
every package with static binaries into using -static-pie instead of
-static.

> > That doesn't seem to have been fixed for the hurd case, I will have
> > a look (and that will most probably point me to the piece that makes
> > -static -pie use crt1.o on Linux).
> 
[...]
> What does
> 
>   gcc -dumpspecs | grep 'startfile:' -A1
> 
> say on Hurd?

It was

*startfile:
%{!shared: %{pg|p|profile:%{static:gcrt0.o%s;:gcrt1.o%s};pie:Scrt1.o%s;static:crt0.o%s;:crt1.o%s}}    crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}

I have now fixed it into

*startfile:
%{!shared: %{pg|p|profile:%{static-pie:grcrt0.o%s;static:gcrt0.o%s;:gcrt1.o%s};static-pie:rcrt0.o%s;static:crt0.o%s;pie:Scrt1.o%s;:crt1.o%s}}    crti.o%s %{static:crtbeginT.o%s;shared|pie|static-pie:crtbeginS.o%s;:crtbegin.o%s}

see the patch I have just sent on gcc-patches.

Thanks,
Samuel

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Florian Weimer]

* Samuel Thibault:

> Is it not possible to make -static -pie get the same behavior? That'd be
> way more orthogonal for people to understand.

I think you want -static to mean -static-pie if GCC defaults to PIE,
right?

That will break a few things that use gcc -static to build binaries for
quasi-bare-metal targets using the GNU ELF toolchain (where glibc's
startup code is not use).  Overall it might still be the better
trade-off.

Thanks,
Florian

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Samuel Thibault]

Florian Weimer, le lun. 24 oct. 2022 12:11:03 +0200, a ecrit:
> * Samuel Thibault:
> 
> > Is it not possible to make -static -pie get the same behavior? That'd be
> > way more orthogonal for people to understand.
> 
> I think you want -static to mean -static-pie if GCC defaults to PIE,
> right?

That would actually provide the pie benefit automatically for all
static executable, yes. Otherwise static pie will be a nice thing, but
not actually largely used in practice. And most people won't actually
realize it.

> That will break a few things that use gcc -static to build binaries for
> quasi-bare-metal targets using the GNU ELF toolchain (where glibc's
> startup code is not use).

But then the piece which is saying that glibc's startup code is not in
use can be fixed into not using static-pie, can't it?

Samuel

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Florian Weimer]

* Samuel Thibault:

> Florian Weimer, le lun. 24 oct. 2022 12:11:03 +0200, a ecrit:
>> * Samuel Thibault:
>> 
>> > Is it not possible to make -static -pie get the same behavior? That'd be
>> > way more orthogonal for people to understand.
>> 
>> I think you want -static to mean -static-pie if GCC defaults to PIE,
>> right?
>
> That would actually provide the pie benefit automatically for all
> static executable, yes. Otherwise static pie will be a nice thing, but
> not actually largely used in practice. And most people won't actually
> realize it.

That's true.

Fedora uses a specs file fragment that turns -static into -static-pie
under certain conditions.

>> That will break a few things that use gcc -static to build binaries for
>> quasi-bare-metal targets using the GNU ELF toolchain (where glibc's
>> startup code is not use).
>
> But then the piece which is saying that glibc's startup code is not in
> use can be fixed into not using static-pie, can't it?

In theory, yes.  How hard it will be depends on the specs file change
for --enable-default-pie.

Thanks,
Florian

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 1589 bytes --]

On 24 Oct 2022 13:12, Florian Weimer via Libc-alpha wrote:
> * Samuel Thibault:
> > Florian Weimer, le lun. 24 oct. 2022 12:11:03 +0200, a ecrit:
> >> * Samuel Thibault:
> >> 
> >> > Is it not possible to make -static -pie get the same behavior? That'd be
> >> > way more orthogonal for people to understand.
> >> 
> >> I think you want -static to mean -static-pie if GCC defaults to PIE,
> >> right?
> >
> > That would actually provide the pie benefit automatically for all
> > static executable, yes. Otherwise static pie will be a nice thing, but
> > not actually largely used in practice. And most people won't actually
> > realize it.
> 
> That's true.
> 
> Fedora uses a specs file fragment that turns -static into -static-pie
> under certain conditions.
> 
> >> That will break a few things that use gcc -static to build binaries for
> >> quasi-bare-metal targets using the GNU ELF toolchain (where glibc's
> >> startup code is not use).
> >
> > But then the piece which is saying that glibc's startup code is not in
> > use can be fixed into not using static-pie, can't it?
> 
> In theory, yes.  How hard it will be depends on the specs file change
> for --enable-default-pie.

i don't see a problem with -static DTRT.  people abusing a compiler for a
target it wasn't designed for means they get the pieces.  it's not like
they're using -static in the first place to pull in the C library & gcc
internal libs (which also depend/assume the corresponding OS & C lib).

plus, -static -no-pie would get you back to a non-PIE static binary.
-mike

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: static pie: confusion between _DYNAMIC, crt1.o, Scrt1.o

[Florian Weimer]

* Mike Frysinger via Libc-alpha:

> On 24 Oct 2022 13:12, Florian Weimer via Libc-alpha wrote:
>> * Samuel Thibault:
>> > Florian Weimer, le lun. 24 oct. 2022 12:11:03 +0200, a ecrit:
>> >> * Samuel Thibault:
>> >> 
>> >> > Is it not possible to make -static -pie get the same behavior? That'd be
>> >> > way more orthogonal for people to understand.
>> >> 
>> >> I think you want -static to mean -static-pie if GCC defaults to PIE,
>> >> right?
>> >
>> > That would actually provide the pie benefit automatically for all
>> > static executable, yes. Otherwise static pie will be a nice thing, but
>> > not actually largely used in practice. And most people won't actually
>> > realize it.
>> 
>> That's true.
>> 
>> Fedora uses a specs file fragment that turns -static into -static-pie
>> under certain conditions.
>> 
>> >> That will break a few things that use gcc -static to build binaries for
>> >> quasi-bare-metal targets using the GNU ELF toolchain (where glibc's
>> >> startup code is not use).
>> >
>> > But then the piece which is saying that glibc's startup code is not in
>> > use can be fixed into not using static-pie, can't it?
>> 
>> In theory, yes.  How hard it will be depends on the specs file change
>> for --enable-default-pie.
>
> i don't see a problem with -static DTRT.  people abusing a compiler for a
> target it wasn't designed for means they get the pieces.  it's not like
> they're using -static in the first place to pull in the C library & gcc
> internal libs (which also depend/assume the corresponding OS & C lib).
>
> plus, -static -no-pie would get you back to a non-PIE static binary.

The last part depends on the specs file, it has to be put there
explicitly I think.  And perhaps -Wl,-no-pie as well?

Maybe also do -no-pie implicitly with -static -nostartfiles?

Thanks,
Florian