From: Avi Kivity <avi@redhat.com>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: Paul Moore <pmoore@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v8 1.0] configure: build position independent executables on x86-Linux hosts
Date: Mon, 21 Nov 2011 10:39:59 +0200
Message-ID: <4ECA0E5F.60004@redhat.com>
In-Reply-To: <CAAu8pHvbE=8wGU4OoSVKKqAJejcnBF8Y2xwes4m+Q6CJkbSYOw@mail.gmail.com>

On 11/20/2011 07:34 PM, Blue Swirl wrote:
> On Sun, Nov 20, 2011 at 09:11, Avi Kivity <avi@redhat.com> wrote:
> > On 11/15/2011 08:12 PM, Avi Kivity wrote:
> >> Change the default on x86 Linux hosts to building PIE (position
> >> independent executables); instead of restricting the option to
> >> user-only targets, apply it to all targets.
> >>
> >> In addition, set the relocation sections to read-only (relro) when
> >> available; this reduces the attack surface by disallowing changes to
> >> relocation tables at runtime.
> >>
> >> While PIE reduces performance and relro increases load time, it
> >> greatly improves security, with the potential to reduce a code
> >> execution vulnerability to a self denial of service.
> >>
> >> Non-x86 are not changed, as they require TCG changes; neither are
> >> non-Linux, due to lack of test coverage.
> >>
> >>
> >
> > Ping.
>
> I tested the patch on OpenBSD 5.0/Sparc64 with --enable-pie, but the
> resulting executables crash immediately. Maybe PIE binaries are
> not supported by the Sparc64 kernel or ld.so; some PIE support was
> added in 4.4.

That's fine, we're off by default there.

> It looks like the support for PIE executables was only added to GDB
> 7.1. For example Debian stable:
>
> GNU gdb (GDB) 7.0.1-debian
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Attaching to process 2092
>
> warning: The current binary is a PIE (Position Independent Executable), which
> GDB does NOT currently support.  Most debugger features will fail if used
> in this session.
>
> Reading symbols from /src/qemu/obj-amd64/i386-softmmu/qemu-system-i386...done.
> 0x00007f6f08ccf8d3 in ?? ()
> (gdb) b do_interrupt
> Cannot access memory at address 0x2136c0
>
> Perhaps developers or users inclined to debug can be assumed to have a
> recent GDB. Though on OpenBSD, GDB is pretty old 6.3.

IMO the advantages in security are greater than the disadvantages in
comfort.  You can always use --disable-pie if you find your debugger
doesn't support it, but you can't --enable-pie if you've been breached.

> Another issue is that this creates a point for bisection where
> crossing it, all objects must be thrown away. We have a few other such
> points already due to generated file name clashes so this has not been
> a blocking issue.

I'll look at adding a dependency on build flags for 1.1.

-- 
error compiling committee.c: too many arguments to function
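
A check a practitioner would want after landing a change like the one discussed in this thread, as an added example that is not part of the thread or of QEMU: a small Python ELF64 parser that reports whether a binary is PIE (ET_DYN and carrying a PT_INTERP, so a plain shared library is not misreported) and whether it has partial RELRO (a PT_GNU_RELRO segment) or full RELRO (PT_GNU_RELRO plus BIND_NOW in the dynamic section, which is the load-time cost the patch description mentions). It reads headers directly rather than shelling out to readelf, handles ELF64 only, and builds its own synthetic images as constructed test data; pass a path on the command line to check a real qemu-system-* binary.

```python
"""Classify an ELF64 binary's PIE and RELRO status by reading its headers.

Added example, not part of the thread or of QEMU.  It parses the ELF header,
the program headers and the dynamic section directly, so it does not depend
on readelf being installed.  ELF64 only (the class byte is checked).
"""
import struct
import sys

# ELF constants (ELF gABI plus the GNU extensions)
ET_EXEC, ET_DYN = 2, 3
EM_X86_64 = 62
PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_RELRO = 0x6474E552
DT_NULL, DT_FLAGS, DT_FLAGS_1 = 0, 30, 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1

EHDR_FMT, PHDR_FMT, DYN_FMT = "16sHHIQQQIHHHHHH", "IIQQQQQQ", "qQ"
EHDR_SIZE = struct.calcsize("<" + EHDR_FMT)   # 64
PHDR_SIZE = struct.calcsize("<" + PHDR_FMT)   # 56
DYN_SIZE = struct.calcsize("<" + DYN_FMT)     # 16


def classify(data):
    """Return {'pie': bool, 'relro': 'none'|'partial'|'full'} for an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"
    ehdr = struct.unpack_from(end + EHDR_FMT, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = ehdr[1], ehdr[5], ehdr[9], ehdr[10]

    has_interp = has_relro = False
    dynamic = None
    for i in range(e_phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz, _memsz, _align = struct.unpack_from(
            end + PHDR_FMT, data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)

    # BIND_NOW is what turns a PT_GNU_RELRO segment into "full" RELRO: the GOT is
    # resolved at load time and can then be made read-only along with the rest
    # of the relro range.  Without it the GOT stays writable (partial RELRO).
    bind_now = False
    if dynamic:
        off, size = dynamic
        for pos in range(off, off + size, DYN_SIZE):
            tag, val = struct.unpack_from(end + DYN_FMT, data, pos)
            if tag == DT_NULL:
                break
            if (tag == DT_FLAGS and val & DF_BIND_NOW) or (tag == DT_FLAGS_1 and val & DF_1_NOW):
                bind_now = True

    # ET_DYN alone is ambiguous: shared libraries are ET_DYN too.  A PIE is an
    # ET_DYN image that still asks for a program interpreter.
    pie = e_type == ET_DYN and has_interp
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {"pie": pie, "relro": relro}


def build_elf(e_type, relro=False, bind_now=False, interp=True):
    """Assemble a minimal synthetic ELF64 image (constructed test data, not a real binary)."""
    dyn = b""
    if bind_now:
        dyn += struct.pack("<" + DYN_FMT, DT_FLAGS, DF_BIND_NOW)
    dyn += struct.pack("<" + DYN_FMT, DT_NULL, 0)
    segments = []  # (p_type, bytes that back the segment in the file)
    if interp:
        segments.append((PT_INTERP, b"/lib64/ld-linux-x86-64.so.2\0"))
    segments.append((PT_DYNAMIC, dyn))
    if relro:
        segments.append((PT_GNU_RELRO, b""))

    phdrs, payload = b"", b""
    payload_base = EHDR_SIZE + len(segments) * PHDR_SIZE
    for p_type, blob in segments:
        off = payload_base + len(payload)
        phdrs += struct.pack("<" + PHDR_FMT, p_type, 4, off, off, off, len(blob), len(blob), 8)
        payload += blob
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9  # ELF64, little-endian, current version
    ehdr = struct.pack("<" + EHDR_FMT, ident, e_type, EM_X86_64, 1, 0, EHDR_SIZE, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, len(segments), 0, 0, 0)
    return ehdr + phdrs + payload


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, classify(f.read()))
    else:
        # Demo on constructed images; the last line is what a PIE + relro build should show.
        print("ET_EXEC, no relro    :", classify(build_elf(ET_EXEC)))
        print("ET_DYN shared object :", classify(build_elf(ET_DYN, interp=False)))
        print("PIE, partial relro   :", classify(build_elf(ET_DYN, relro=True)))
        print("PIE, full relro      :", classify(build_elf(ET_DYN, relro=True, bind_now=True)))
```

Run it as `python3 check_pie.py x86_64-softmmu/qemu-system-x86_64` (file name assumed) after a `--enable-pie` build; a result of `pie: False` means the configure flag did not reach the link step. One caveat on the PT_INTERP heuristic: glibc's libc.so is a shared library that carries a PT_INTERP because it is directly executable, so it would be reported as PIE; newer toolchains also set DF_1_PIE in DT_FLAGS_1, which gives a definitive answer where present.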

Thread overview:
2011-11-15 18:12 [Qemu-devel] [PATCH v8 1.0] configure: build position independent executables on x86-Linux hosts Avi Kivity
2011-11-20  9:11 ` Avi Kivity
2011-11-20 17:34   ` Blue Swirl
2011-11-21  8:39     ` Avi Kivity [this message]
2011-11-29  8:32     ` Brad Smith
2011-11-22  0:22 ` Anthony Liguori
