Harden_all_packages_with_position-independent_code + guile modules
ajax at redhat.com
Mon Mar 16 17:24:19 UTC 2015
On Fri, 2015-03-13 at 12:14 +0100, Florian Weimer wrote:
> On 03/12/2015 03:41 PM, Adam Jackson wrote:
> > We may want to revisit this, honestly. The actual proposal was just to
> > build executables as PIE, right? Forcing -z now is a bit more than
> > maybe was expected.
> People tell conflicting things about PIE. I have asked essentially the
> same thing, and I was told, no, PIE itself alters symbol resolution. Is
> this true or not?
PIE does alter symbol resolution, though not in a particularly big way.
In a normal executable, taking the address of a global function takes
the address of the definition found in the executable itself, if any; in
a PIE, you take the address of the first definition found by the runtime
linker. Normally that's not a correctness issue since the executable
usually ends up as the first object searched, but it does mean an
LD_PRELOAD can override more symbols than it used to because the
(now-PIE) executable is importing more symbols than before.
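
Added example, not part of the original message or of any Fedora tooling: a check that reports separately whether a binary was linked as PIE and whether it requests immediate binding (`-z now`), the two properties the thread distinguishes. The function names `hardening` and `sample` are hypothetical, only little-endian ELF64 is handled, and treating an `ET_DYN` object with an interpreter segment as a PIE is a heuristic assumed here.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000


def hardening(elf: bytes) -> dict:
    """Report PIE and BIND_NOW for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    interp = now = pie_flag = False
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", elf, base)
        p_offset, = struct.unpack_from("<Q", elf, base + 8)
        p_filesz, = struct.unpack_from("<Q", elf, base + 32)
        if p_type == PT_INTERP:
            interp = True
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz - 15, 16):
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            now |= tag == DT_BIND_NOW
            now |= tag == DT_FLAGS and bool(val & DF_BIND_NOW)
            now |= tag == DT_FLAGS_1 and bool(val & DF_1_NOW)
            pie_flag |= tag == DT_FLAGS_1 and bool(val & DF_1_PIE)
    # Shared libraries are ET_DYN too; DF_1_PIE or an interpreter marks a PIE.
    return {"pie": e_type == ET_DYN and (pie_flag or interp), "bind_now": now}


def sample(e_type: int, dyn: list) -> bytes:
    """Constructed test image: ELF header, PT_INTERP, PT_DYNAMIC, dynamic table."""
    table = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    dyn_off = 64 + 2 * 56
    ehdr = struct.pack("<4s5B7xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                       e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    phdr = lambda t, off, size: struct.pack("<IIQQQQQQ", t, 4, off, off, off, size, size, 8)
    return ehdr + phdr(PT_INTERP, dyn_off, 0) + phdr(PT_DYNAMIC, dyn_off, len(table)) + table
```

To check a real file, pass its contents: `hardening(open(path, "rb").read())`.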