Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 13 Mar 2015 13:19:32 -0400
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Vendor adoption of PIE INFO#934476 oss-security

On 13/03/15 11:05 AM, Solar Designer wrote:
> On Thu, Mar 12, 2015 at 08:31:42PM -0700, Nick Kralevich wrote:
>> I wanted to provide a followup on this year-old thread.
> 
> Thank you!
> 
>> With the release of Android 5.0, Android has removed support for
>> non-PIE binaries [1] [2]. Attempting to run a non-PIE binary will
>> generate an error on Android. In this way, we ensure that all binaries
>> take full advantage of Android's ASLR implementation.
>>
>> This is just one of the many security enhancements added in Android
>> 5.*, and one that I hope other Linux distributions will pick up.
>>
>> [1] https://source.android.com/devices/tech/security/enhancements/enhancements50.html
>> [2] https://android.googlesource.com/platform/bionic/+/76e289c026f11126fc88841b3019fd5bb419bb67

Sadly, PIE is much less useful on Android right now. Every app and many
services are spawned from an initial zygote process without an exec, so
nearly everything has the same ASLR bases. It is great to see progress
in this space though. I hope to see the zygote process go away now that
ART and modern hardware makes it much less necessary - especially if a
process (or a pool) is pre-spawned during idle time.

AFAIK, the change forbidding non-PIE binaries was backed out for the
official 5.0 release
(https://android.googlesource.com/platform/bionic/+/d81b3b275dff99561cbe5905ca63a1c72fa54a17).
I guess that was fixed in 5.1? I haven't looked into it yet.

> I brought this to Twitter, and here's a comment by Rich Felker:
> 
> <solardiz> Android 5.0 "has removed support for non-PIE binaries. Attempting to run a non-PIE binary will generate an error" http://www.openwall.com/lists/oss-security/2015/03/13/1
> <@RichFelker> @solardiz Guess that means no emacs on Android...
> <@solardiz> @RichFelker Why, can't one build Emacs as PIE?
> <@RichFelker> @solardiz The whole dumper issue. The final emacs binary is a dump of an emacs with a lisp heap full of pointers and no relocation data.

FWIW, I think various distributions are going to enable it once the PIE
by default patches land:

https://www.mail-archive.com/gcc-patches@gcc.gnu.org/msg105030.html

There has been no luck getting someone to review them, so they missed
the GCC 5 freeze deadline despite being ready before then.

I proposed that we enable it by default on Arch via wrapper scripts, but
it was rejected in favour of waiting for this patch to land. An OpenSUSE
developer also voiced interest in the patches on the GCC mailing list.
It just needs a committer who feels like reviewing it.


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.