Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 May 2013 08:51:39 +0200 (CEST)
From: Gilles Espinasse <g.esp@...e.fr>
To: owl-dev@...ts.openwall.com
Subject: Re: PIE on x86_64



----- Mail original -----
> De: "Gilles Espinasse" <g.esp@...e.fr>
> À: owl-dev@...ts.openwall.com
> Envoyé: Samedi 27 Avril 2013 11:59:48
> Objet: Re: [owl-dev] PIE on x86_64
> 
> 
> 
> ----- Mail original -----
> > De: "Rich Felker" <dalias@...ifal.cx>
> > À: owl-dev@...ts.openwall.com
> > Envoyé: Samedi 27 Avril 2013 03:48:46
> > Objet: Re: [owl-dev] PIE on x86_64
> > 
> > On Sat, Apr 27, 2013 at 02:14:05AM +0800, Pavel Labushev wrote:
> > > On Fri, 12 Apr 2013 22:26:58 +0400
> > > Solar Designer <solar@...nwall.com> wrote:
> > > 
...
> > 
> > Unfortunately changing the compiler defaults can break things in
> > subtle ways. The most common breakage I'm aware of from making pie
> > the default occurs in packages with assembler source files that are
> > written in non-pic-compatible ways. These will turn into TEXTRELs
> > in
> > the pie binary, which depending on the arch, may just result in
> > heavy
> > runtime bloat (e.g. on 32-bit x86) or produce an error at link time
> > (e.g. on x86_64). I seem to recall a user running into this issue
> > in
> > OpenSSL...
> > 
> > Rich
> > 
> Not a big issue in practice actually. textrel are detected using
> -Wl,--warn-shared-textrel -Wl,--fatal-warnings in the hardened
> patch.
>  
> Compiling actually a 32-bit x86 distrib with a hardened gcc-4.4.5 (no
> fancy X packages), the issues during compilation that remain are
> workaround with :
> - for gnupg-1.4, for psmisc
> LDFLAGS    += -pie
> 
In fact I am wrong, I have TEXTREL in
/usr/bin/fuser
/usr/bin/gpg (1.4.13)

Gilles

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ