Re: Security and PAX

To: netbsd-users%netbsd.org@localhost
Subject: Re: Security and PAX
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sun, 7 Jun 2015 18:59:31 +0000 (UTC)

In article <20150607170425.GE67497%nordend.local.sourire.ch@localhost>,
 <rhino64%epost.ch@localhost> wrote:
>
>However, when compiled statically the link stage fails (as you can see).
>--------------------------------------------------------------------
>virtualisation# cc -fpie -Wl,-pie -Wl,-static -fPIC testASLR.c
>ld: /usr/lib/libc.a(tls.o): relocation R_X86_64_32 against `.rodata'
>can not be used when making a shared object; recompile with -fPIC
>/usr/lib/libc.a: could not read symbols: Bad value
>--------------------------------------------------------------------
>
>Is it possible to compile a program fully statically and use PIE?

Yes, but...

$ cc -static -Wl,-I/libexec/ld.elf_so -fpie -Wl,-pie pie.c -lc_pic

1. Our specs are broken for static and you need to explicitly specify
   the interpreter
2. You need to link against the pic version of libc

$ file ./a.out
./a.out: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /libexec/ld.elf_so, for NetBSD 7.99.16, not stripped

And it is not a "statically linked" binary.

$ ldd ./a.out
./a.out:

But it does not depend on any shared libraries, other than the dynamic
linker itself...

christos

Follow-Ups:
- Re: Security and PAX
  - From: rhino64

References:
- Re: Security and PAX
  - From: rhino64
- Re: Security and PAX
  - From: Christos Zoulas
- Re: Security and PAX
  - From: Christos Zoulas
- Re: Security and PAX
  - From: rhino64

Prev by Date: Re: Security and PAX
Next by Date: RE: issues with LSI 9260
Previous by Thread: Re: Security and PAX
Next by Thread: Re: Security and PAX
Indexes:

Home | Main Index | Thread Index | Old Index