| 1 |
On Mon, 18 Dec 2006 11:55:31 +0100 (CET) |
| 2 |
"Peter S. Mazinger" <ps.m@×××.net> wrote: |
| 3 |
|
| 4 |
> On Tue, 12 Dec 2006, Alexander Gabert wrote: |
| 5 |
> |
| 6 |
> > Kevin: this is the build failures, i would have made them end up |
| 7 |
> > adding into bugzilla but one of us both wasn't awake. |
| 8 |
> > |
| 9 |
> > PSM: if you're reading up: i don't have a clue. |
| 10 |
> > |
| 11 |
> > In the meantime, working with bugs.g.o. it's getting a real hassle, |
| 12 |
> > so can someone please kick that pos in the shins so we can work on |
| 13 |
> > bugs again? TIA |
| 14 |
> > |
| 15 |
> > I think we should have a talk or two and maybe a test case for |
| 16 |
> > building that libiberty on all arches with either PIC or PIE code. |
| 17 |
> > I honestly don't care howe we build it, i just want it to work on |
| 18 |
> > all Gentoo supported arches for hardened. |
| 19 |
> > |
| 20 |
> > For those of you having issues with the file: here is the log for |
| 21 |
> > pitr and miranda: |
| 22 |
> > |
| 23 |
> > http://dev.gentoo.org/~pappy/tmp/amd64-pie-libiberty-failure.txt |
| 24 |
> |
| 25 |
> It seems some of you are mixing up PIC and PIE. For the record, there |
| 26 |
> are no PIE libraries and if you want to run a hardened box where each |
| 27 |
> file is text relocation free, then you have to compile all code that |
| 28 |
> goes to libraries (even into lib*.a) with -fPIC|-fpic. To quickly |
| 29 |
> check this statement, compile some object with -fPIE, put into libx.a |
| 30 |
> and compile a shared lib with -fPIC using code from libx.a. readelf |
| 31 |
> -d shared_lib | grep TEXTREL. |
| 32 |
|
| 33 |
Agreed - however lib*.a are not generally used to build shared |
| 34 |
libraries; they're mostly for building static binaries. Gcc deals |
| 35 |
with libiberty (normally) by building a pic version (libiberty_pic.a) |
| 36 |
for linking to shared libraries when it needs to. We do mess that up, |
| 37 |
I think - I'm still looking into that. |
| 38 |
|
| 39 |
> The pie patches compile everything with -fPIE unless -fPIC was used, |
| 40 |
> the app itself has to take care (and most apps using libtool do it by |
| 41 |
> using -fPIC -DPIC) that code that goes into libs is -fPIC compiled. |
| 42 |
> libtool fails only in cases where configure does not recognize |
| 43 |
> correctly the target (thats why gnuconfig_update/libtoolize are |
| 44 |
> needed). |
| 45 |
> |
| 46 |
> Some will argue, that it does not make sense to compile code in |
| 47 |
> lib*.a with -fPIC. Those shouldn't use hardened, because they end up |
| 48 |
> with text relocations and a hardened box should block text |
| 49 |
> relocations either in kernel (PaX feature) or libc (possible with |
| 50 |
> uClibc, but not glibc) |
| 51 |
|
| 52 |
I think it's more complicated than that. What should go into a lib*.a |
| 53 |
archive depends on how it's going to be used. If it's going to be used |
| 54 |
to build a shared library, then as you say the code needs to be PIC - |
| 55 |
however this is rare (examples are libc_*nonshared.a). If it's being |
| 56 |
used to build a non-PIE executable - which usually means building a |
| 57 |
static executable - then the code needs to be normal (non-PIC). If |
| 58 |
it's going to be used to build a (PIE) executable, the code needs to be |
| 59 |
PIE - in practice this is very rare, since linking to lib*.a instead |
| 60 |
of lib*.so means building static binaries, and that's not sensible |
| 61 |
when building PIEs as by definition they need the dynamic loader. |
| 62 |
|
| 63 |
Strictly speaking, on a hardened system, the -vanilla and -hardenednopie |
| 64 |
compiler cannot be guaranteed to generate working executables - indeed |
| 65 |
it creates garbage on sparc (x86 seems to be more forgiving; you can mix |
| 66 |
PIE objects into a non-PIE executable and they appear to work). |
| 67 |
|
| 68 |
I'm working on a sane solution to this problem using ABIs, but it's |
| 69 |
quite involved, and it's quite a departure from what we currently do. |
| 70 |
Once I have my thoughts clear, I'll post a proposal. |
| 71 |
|
| 72 |
For the moment, however, we can continue as we did before, but |
| 73 |
highlight that -vanilla and -hardenednopie may not generate working |
| 74 |
executables. Mostly this affects bootloaders, and things like |
| 75 |
static busybox. |
| 76 |
|
| 77 |
-- |
| 78 |
Kevin F. Quinn |
Archives