Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Mar 2015 18:05:24 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: "CERT(R) Coordination Center" <cert@...t.org>
Subject: Re: Vendor adoption of PIE INFO#934476 oss-security

On Thu, Mar 12, 2015 at 08:31:42PM -0700, Nick Kralevich wrote:
> I wanted to provide a followup on this year-old thread.

Thank you!

> With the release of Android 5.0, Android has removed support for
> non-PIE binaries [1] [2]. Attempting to run a non-PIE binary will
> generate an error on Android. In this way, we ensure that all binaries
> take full advantage of Android's ASLR implementation.
> 
> This is just one of the many security enhancements added in Android
> 5.*, and one that I hope other Linux distributions will pick up.
> 
> [1] https://source.android.com/devices/tech/security/enhancements/enhancements50.html
> [2] https://android.googlesource.com/platform/bionic/+/76e289c026f11126fc88841b3019fd5bb419bb67

I brought this to Twitter, and here's a comment by Rich Felker:

<solardiz> Android 5.0 "has removed support for non-PIE binaries. Attempting to run a non-PIE binary will generate an error" http://www.openwall.com/lists/oss-security/2015/03/13/1
<@RichFelker> @solardiz Guess that means no emacs on Android...
<@solardiz> @RichFelker Why, can't one build Emacs as PIE?
<@RichFelker> @solardiz The whole dumper issue. The final emacs binary is a dump of an emacs with a lisp heap full of pointers and no relocation data.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.