Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Mar 2015 18:05:24 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: "CERT(R) Coordination Center" <cert@...t.org>
Subject: Re: Vendor adoption of PIE INFO#934476 oss-security

On Thu, Mar 12, 2015 at 08:31:42PM -0700, Nick Kralevich wrote:
> I wanted to provide a followup on this year-old thread.

Thank you!

> With the release of Android 5.0, Android has removed support for
> non-PIE binaries [1] [2]. Attempting to run a non-PIE binary will
> generate an error on Android. In this way, we ensure that all binaries
> take full advantage of Android's ASLR implementation.
> 
> This is just one of the many security enhancements added in Android
> 5.*, and one that I hope other Linux distributions will pick up.
> 
> [1] https://source.android.com/devices/tech/security/enhancements/enhancements50.html
> [2] https://android.googlesource.com/platform/bionic/+/76e289c026f11126fc88841b3019fd5bb419bb67

I brought this to Twitter, and here's a comment by Rich Felker:

<solardiz> Android 5.0 "has removed support for non-PIE binaries. Attempting to run a non-PIE binary will generate an error" http://www.openwall.com/lists/oss-security/2015/03/13/1
<@...hFelker> @solardiz Guess that means no emacs on Android...
<@...ardiz> @RichFelker Why, can't one build Emacs as PIE?
<@...hFelker> @solardiz The whole dumper issue. The final emacs binary is a dump of an emacs with a lisp heap full of pointers and no relocation data.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ