Harden_all_packages_with_position-independent_code + guile modules
jakub at redhat.com
Mon Mar 16 17:31:16 UTC 2015
On Mon, Mar 16, 2015 at 01:24:19PM -0400, Adam Jackson wrote:
> On Fri, 2015-03-13 at 12:14 +0100, Florian Weimer wrote:
> > On 03/12/2015 03:41 PM, Adam Jackson wrote:
> > > We may want to revisit this, honestly. The actual proposal was just to
> > > build executables as PIE, right? Forcing -z now is a bit more than
> > > maybe was expected.
> > People tell conflicting things about PIE. I have asked essentially the
> > same thing, and I was told, no, PIE itself alters symbol resolution. Is
> > this true or not?
> PIE does alter symbol resolution, though not in a particularly big way.
> In a normal executable, taking the address of a global function takes
> the address of the definition found in the executable itself, if any; in
> a PIE, you take the address of the first definition found by the runtime
> linker. Normally that's not a correctness issue since the executable
> usually ends up as the first object searched, but it does mean an
> LD_PRELOAD can override more symbols than it used to because the
> (now-PIE) executable is importing more symbols than before.
??? PIE is the first object in symbol search scope, before LD_PRELOAD,
identically to normal executables.
More information about the devel