| 1 |
On 3 Nov 2007 at 23:00, Brian Kroth wrote: |
| 2 |
|
| 3 |
> Reading some wikipedia on this now to try and understand it a little |
| 4 |
> better, but it didn't give me any insight as to how to read the maps |
| 5 |
> file to determine whether or not it was a pie. |
| 6 |
|
| 7 |
watch out for the main executable mapping's base address. the i386 ELF |
| 8 |
ABI says that it's at 0x08048000 whereas a PIE appears as a shared lib |
| 9 |
to the kernel (that normally has a 0 link time base address) and the |
| 10 |
kernel is free to place it anywhere it wants to. short of ASLR, it'll |
| 11 |
choose TASK_SIZE/3 which on a normal i386 config works out to be |
| 12 |
0x40000000 - and that's exactly where you see your nagios/cactid. |
| 13 |
|
| 14 |
-- |
| 15 |
gentoo-hardened@g.o mailing list |
Archives