Harden_all_packages_with_position-independent_code + guile modules

Adam Jackson ajax at redhat.com
Mon Mar 16 17:24:19 UTC 2015

On Fri, 2015-03-13 at 12:14 +0100, Florian Weimer wrote:
> On 03/12/2015 03:41 PM, Adam Jackson wrote:
> > We may want to revisit this, honestly.  The actual proposal was just to
> > build executables as PIE, right?  Forcing -z now is a bit more than
> > maybe was expected.
> People tell conflicting things about PIE.  I have asked essentially the
> same thing, and I was told, no, PIE itself alters symbol resolution.  Is
> this true or not?

PIE does alter symbol resolution, though not in a particularly big way.
In a normal executable, taking the address of a global function takes
the address of the definition found in the executable itself, if any; in
a PIE, you take the address of the first definition found by the runtime
linker.  Normally that's not a correctness issue since the executable
usually ends up as the first object searched, but it does mean an
LD_PRELOAD can override more symbols than it used to because the
(now-PIE) executable is importing more symbols than before.

- ajax

More information about the devel mailing list