| 1 |
>> based on the maps files, both cactid and nagios are PIEs. two questions: |
| 2 |
>> are they the only PIEs on this system (that regularly run, that is) and |
| 3 |
>> do you have PIEs on the other systems that don't show the symptomps? |
| 4 |
> |
| 5 |
> I'm using the hardened/x86/2.6 profile which enables the pic use flag. |
| 6 |
> Here's where my understanding gets hazy. PIC != PIE, but the two are |
| 7 |
> related in that PIC creates position independent code, but not for |
| 8 |
> executables? Anyways, how would I check? |
| 9 |
|
| 10 |
Reading some wikipedia on this now to try and understand it a little |
| 11 |
better, but it didn't give me any insight as to how to read the maps |
| 12 |
file to determine whether or not it was a pie. |
| 13 |
|
| 14 |
I re-emerged cacti-cactid and did not see pic or pie in the output at |
| 15 |
all. Is that just enabled by default by the compiler? It looks like it. |
| 16 |
|
| 17 |
|
| 18 |
More details: |
| 19 |
|
| 20 |
tux-mc hardened # gcc -v |
| 21 |
Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/specs |
| 22 |
Configured with: |
| 23 |
/var/tmp/portage/sys-devel/gcc-3.4.6-r2/work/gcc-3.4.6/configure |
| 24 |
--prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.4.6 |
| 25 |
--includedir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include |
| 26 |
--datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6 |
| 27 |
--mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/man |
| 28 |
--infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/info |
| 29 |
--with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include/g++-v3 |
| 30 |
--host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec |
| 31 |
--enable-nls --without-included-gettext --with-system-zlib |
| 32 |
--disable-checking --disable-werror --enable-secureplt |
| 33 |
--disable-libunwind-exceptions --disable-multilib --disable-libgcj |
| 34 |
--enable-languages=c,c++ --enable-shared --enable-threads=posix |
| 35 |
--enable-__cxa_atexit --enable-clocale=gnu |
| 36 |
Thread model: posix |
| 37 |
gcc version 3.4.6 (Gentoo Hardened 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10) |
| 38 |
|
| 39 |
tux-mc hardened # equery hasuse pic |
| 40 |
[ Searching for USE flag pic in all categories among: ] |
| 41 |
* installed packages |
| 42 |
[I--] [ ] dev-lang/php-5.2.4_p20070914-r2 (5) |
| 43 |
[I--] [ ] app-arch/gzip-1.3.12 (0) |
| 44 |
|
| 45 |
tux-mc hardened # emerge --info |
| 46 |
Portage 2.1.3.16 (hardened/x86/2.6, gcc-3.4.6, glibc-2.6.1-r0, |
| 47 |
2.6.22-hardened-r8 i686) |
| 48 |
================================================================= |
| 49 |
System uname: 2.6.22-hardened-r8 i686 Intel(R) Xeon(TM) CPU 2.80GHz |
| 50 |
Timestamp of tree: Sat, 03 Nov 2007 06:00:01 +0000 |
| 51 |
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) |
| 52 |
[disabled] |
| 53 |
ccache version 2.4 [enabled] |
| 54 |
app-shells/bash: 3.2_p17 |
| 55 |
dev-lang/python: 2.4.4-r6 |
| 56 |
dev-python/pycrypto: 2.0.1-r6 |
| 57 |
dev-util/ccache: 2.4-r7 |
| 58 |
sys-apps/baselayout: 1.12.9-r2 |
| 59 |
sys-apps/sandbox: 1.2.18.1-r2 |
| 60 |
sys-devel/autoconf: 2.13, 2.61-r1 |
| 61 |
sys-devel/automake: 1.7.9-r1, 1.10 |
| 62 |
sys-devel/binutils: 2.18-r1 |
| 63 |
sys-devel/gcc-config: 1.3.16 |
| 64 |
sys-devel/libtool: 1.5.24 |
| 65 |
virtual/os-headers: 2.6.22-r2 |
| 66 |
ACCEPT_KEYWORDS="x86" |
| 67 |
CBUILD="i686-pc-linux-gnu" |
| 68 |
CFLAGS="-march=pentium4 -O2 -pipe -fforce-addr" |
| 69 |
CHOST="i686-pc-linux-gnu" |
| 70 |
CONFIG_PROTECT="/etc" |
| 71 |
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/hotplug /etc/hotplug.d |
| 72 |
/etc/init.d /etc/php/apache2-php5/ext-active/ |
| 73 |
/etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ |
| 74 |
/etc/revdep-rebuild /etc/terminfo /etc/udev /etc/udev/rules.d" |
| 75 |
CXXFLAGS="-march=pentium4 -O2 -pipe -fforce-addr" |
| 76 |
DISTDIR="/mnt/build/distfiles" |
| 77 |
EMERGE_DEFAULT_OPTS="--nospinner" |
| 78 |
FEATURES="buildpkg ccache collision-protect metadata-transfer sandbox |
| 79 |
sfperms strict unmerge-orphans userfetch" |
| 80 |
GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/ |
| 81 |
ftp://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrors.tds.net/gentoo |
| 82 |
ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.osuosl.org/ |
| 83 |
ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ |
| 84 |
http://distro.ibiblio.org/pub/linux/distributions/gentoo/ |
| 85 |
http://distfiles.gentoo.org" |
| 86 |
MAKEOPTS="-j5" |
| 87 |
PKGDIR="/mnt/build/packages" |
| 88 |
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times |
| 89 |
--compress --force --whole-file --delete --delete-after --stats |
| 90 |
--timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages |
| 91 |
--filter=H_**/files/digest-*" |
| 92 |
PORTAGE_TMPDIR="/var/tmp" |
| 93 |
PORTDIR="/mnt/build/portage" |
| 94 |
PORTDIR_OVERLAY="/mnt/build/portage-local" |
| 95 |
SYNC="rsync://rsync.gentoo.org/gentoo-portage" |
| 96 |
USE="acl acpi apache2 bash-completion berkdb bzip2 caps chroot cracklib |
| 97 |
crypt erandom fam gmp gpm hardened jpeg lm_sensors logrotate maildir mmx |
| 98 |
ncurses nls nptl pam pcre perl pic png python readline smp snmp sse sse2 |
| 99 |
ssl syslog tcpd threads vhosts x86 xattr xml xpm" ALSA_CARDS="ali5451 |
| 100 |
als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x |
| 101 |
ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m |
| 102 |
maestro3 trident usb-audio via82xx via82xx-modem ymfpci" |
| 103 |
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug |
| 104 |
file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null |
| 105 |
plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse |
| 106 |
keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk |
| 107 |
hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" |
| 108 |
VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 |
| 109 |
imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge |
| 110 |
savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga |
| 111 |
via vmware voodoo" |
| 112 |
Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, |
| 113 |
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS |
Archives