* Does exec-shield with -fpie work?
From: Terje Eggestad @ 2004-06-15 8:05 UTC (permalink / raw)
To: linux-kernel
Hi
I'm using FC2 with 2.6.5-1.358 and 2.6.6-1.435 kernels (same behavior)
exec-shield is enabled (if I understand correctly):
[root@pc-16 te]# cat /proc/sys/kernel/exec-shield
1
[root@pc-16 te]# cat /proc/sys/kernel/exec-shield-randomize
1
I have a little test program that prints out the addresses of a couple of
symbols:
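#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(void)
{
    char *a = "hei hei";
    char *b = "hei hei alle sammen";
    int rc;

    /* strcmp() is called once before its address is printed. */
    rc = strcmp(a, b);
    /* Code addresses: main() in the executable, the rest in libc. */
    printf("main %p strcmp %p\n", (void *)main, (void *)strcmp);
    printf("getpid %p malloc %p\n", (void *)getpid, (void *)malloc);
    /* Stack addresses of the local variables. */
    printf("stack syms: a = %p b = %p rc = %p\n",
           (void *)&a, (void *)&b, (void *)&rc);
    return 0;
}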
Now I run it several times, and while the stack addrs are randomized,
libc only alternates between two addresses and main() is always at the
same place. I thought part of the idea was to really randomize the shared
lib addrs as well as the main prog sym addrs?
te pc-16 ~ 70> !gcc
gcc -fPIE -fpic -o ./testsc ./testsc.c
te pc-16 ~ 71> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfef7eb20 b = 0xfef7eb1c rc = 0xfef7eb18
te pc-16 ~ 72> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfee4dd80 b = 0xfee4dd7c rc = 0xfee4dd78
te pc-16 ~ 73> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfee49dd0 b = 0xfee49dcc rc = 0xfee49dc8
te pc-16 ~ 74> ./testsc
main 0x80483f8 strcmp 0x1771e0
getpid 0x197ea0 malloc 0x171010
stack syms: a = 0xfef68540 b = 0xfef6853c rc = 0xfef68538
te pc-16 ~ 75> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfef4c980 b = 0xfef4c97c rc = 0xfef4c978
te pc-16 ~ 76> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfef4bd40 b = 0xfef4bd3c rc = 0xfef4bd38
te pc-16 ~ 77> ./testsc
main 0x80483f8 strcmp 0x1771e0
getpid 0x197ea0 malloc 0x171010
stack syms: a = 0xfef44620 b = 0xfef4461c rc = 0xfef44618
te pc-16 ~ 78>
--
Terje Eggestad
Senior Software Engineer
dir. +47 22 62 89 61
mob. +47 975 31 57
fax. +47 22 62 89 51
terje.eggestad@scali.com
Scali - www.scali.com
High Performance Clustering
* Re: Does exec-shield with -fpie work?
From: Arjan van de Ven @ 2004-06-15 8:33 UTC (permalink / raw)
To: Terje Eggestad; +Cc: linux-kernel
> te pc-16 ~ 70> !gcc
> gcc -fPIE -fpic -o ./testsc ./testsc.c
>
You need to pass -pie as an option as well; -fpie for the compiler, -pie for the linker,
e.g.
gcc -fPIE -pie -o ./testsc ./testsc.c
* Re: Does exec-shield with -fpie work?
From: Jakub Jelinek @ 2004-06-15 8:36 UTC (permalink / raw)
To: Terje Eggestad; +Cc: linux-kernel
On Tue, Jun 15, 2004 at 10:05:23AM +0200, Terje Eggestad wrote:
> te pc-16 ~ 70> !gcc
> gcc -fPIE -fpic -o ./testsc ./testsc.c
This is not a command to build a PIE.
You need
gcc -fpie -pie -o ./testsc ./testsc.c
instead (or s/-fpie/-fPIE/).
Furthermore, I don't think lkml is the right mailing list to ask about this.
Jakub
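
[Added example, not part of the original thread or written by any of its participants.] Linking without -pie yields an ELF file of type ET_EXEC with a fixed load address, which is why main() never moves in the output above; with -pie the linker emits ET_DYN. The checker below reads that field from the ELF header; the names classify_elf, classify_file, link_kind and the sample headers are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example. */
typedef enum { LINK_NOT_ELF, LINK_FIXED, LINK_PIE_OR_SO, LINK_OTHER } link_kind;

/* Classify an ELF image from its first 18 bytes. e_type is at offset 16 in
 * both ELF32 and ELF64; its byte order is given by EI_DATA at offset 5. */
link_kind classify_elf(const unsigned char *h, size_t len)
{
    uint16_t type;
    if (len < 18 || memcmp(h, "\x7f" "ELF", 4) != 0)
        return LINK_NOT_ELF;
    if (h[5] == 1)                      /* ELFDATA2LSB */
        type = (uint16_t)(h[16] | (h[17] << 8));
    else if (h[5] == 2)                 /* ELFDATA2MSB */
        type = (uint16_t)((h[16] << 8) | h[17]);
    else
        return LINK_NOT_ELF;
    if (type == 2) return LINK_FIXED;       /* ET_EXEC: linked at a fixed address */
    if (type == 3) return LINK_PIE_OR_SO;   /* ET_DYN: PIE or shared object */
    return LINK_OTHER;
}

/* Read the header of a file on disk and classify it. */
link_kind classify_file(const char *path)
{
    unsigned char h[18];
    FILE *f = fopen(path, "rb");
    if (!f) return LINK_NOT_ELF;
    size_t n = fread(h, 1, sizeof h, f);
    fclose(f);
    return classify_elf(h, n);
}

/* Constructed sample headers (ELF32, little-endian), not taken from the thread. */
static const unsigned char SAMPLE_EXEC[18] = {0x7f,'E','L','F',1,1,1,0,0,0,0,0,0,0,0,0,2,0};
static const unsigned char SAMPLE_PIE[18]  = {0x7f,'E','L','F',1,1,1,0,0,0,0,0,0,0,0,0,3,0};

int main(int argc, char **argv)
{
    static const char *names[] = { "not ELF", "ET_EXEC (fixed load address)",
                                   "ET_DYN (PIE or shared object)", "other ELF type" };
    if (argc > 1)
        printf("%s: %s\n", argv[1], names[classify_file(argv[1])]);
    else
        printf("samples: %s / %s\n", names[classify_elf(SAMPLE_EXEC, 18)],
               names[classify_elf(SAMPLE_PIE, 18)]);
    return 0;
}
```

ET_DYN alone does not separate a PIE from an ordinary shared library; for an executable such as ./testsc it is enough to tell whether the main program can be relocated.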
* Re: Does exec-shield with -fpie work?
From: Terje Eggestad @ 2004-06-15 8:41 UTC (permalink / raw)
To: arjanv; +Cc: linux-kernel
Thx Arjan
That did it!
TJ
On Tue, 2004-06-15 at 10:33, Arjan van de Ven wrote:
> > te pc-16 ~ 70> !gcc
> > gcc -fPIE -fpic -o ./testsc ./testsc.c
> >
>
> you need to pass -pie as option as well; -fpie for the compiler, -pie for the linker,
> eg
>
> gcc -fPIE -pie -o ./testsc ./testsc.c