| 1 |
On Mon, Jan 23, 2012 at 20:22, Diego Elio Pettenò <flameeyes@g.o>wrote: |
| 2 |
> |
| 3 |
> Is it because of PIE alone or ASLR? Just curious it doesn't make much |
| 4 |
> difference to me. |
| 5 |
> |
| 6 |
|
| 7 |
When ASLR is turned on, the .text section of executables compiled with PIE |
| 8 |
is given a randomized base address. When ASLR is off or when PIE is not |
| 9 |
used, the base address is predictable, so it's easy to find where to write |
| 10 |
into. |
| 11 |
|
| 12 |
|
| 13 |
> Here's the trick: it's hard to decide what to compile PIE and what not |
| 14 |
> because we generally don't split the build for the two. I guess a good |
| 15 |
> point here could be made to build _everything_ PIE, but it can be tricky |
| 16 |
> (at least hotot seem not to work on a PIE system). |
| 17 |
> |
| 18 |
|
| 19 |
Doesn't portage already have a check on SUID executables where it checks to |
| 20 |
see if they meet a certain standard and also strips them of read |
| 21 |
capabilities? Couldn't we just add a Q&A blurb to this, so that if any SUID |
| 22 |
executables are merged that aren't PIE, there's a nice yellow warning? And |
| 23 |
then gradually package maintainers would add the required patches? |
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
It would be also a good idea to resume working on the file-based |
| 28 |
> capabilities, dropping suid altogether. |
| 29 |
> |
| 30 |
|
| 31 |
Of course. But, different discussion. |
Archives