From: Avi Kivity
Date: Mon, 21 Nov 2011 10:39:59 +0200
Message-ID: <4ECA0E5F.60004@redhat.com>
References: <1321380737-23007-1-git-send-email-avi@redhat.com> <4EC8C440.8040801@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v8 1.0] configure: build position independent executables on x86-Linux hosts
To: Blue Swirl
Cc: Paul Moore, Peter Maydell, qemu-devel@nongnu.org

On 11/20/2011 07:34 PM, Blue Swirl wrote:
> On Sun, Nov 20, 2011 at 09:11, Avi Kivity wrote:
> > On 11/15/2011 08:12 PM, Avi Kivity wrote:
> >> Change the default on x86 Linux hosts to building PIE (position
> >> independent executables); instead of restricting the option to
> >> user-only targets, apply it to all targets.
> >>
> >> In addition, set the relocation sections to read-only (relro) when
> >> available; this reduces the attack surface by disallowing changes to
> >> relocation tables at runtime.
> >>
> >> While PIE reduces performance and relro increases load time, it
> >> greatly improves security, with the potential to reduce a code
> >> execution vulnerability to a self denial of service.
> >>
> >> Non-x86 are not changed, as they require TCG changes; neither are
> >> non-Linux, due to lack of test coverage.
> >>
> >>
> >
> > Ping.
>
> I tested the patch on OpenBSD 5.0/Sparc64 with --enable-pie, but the
> resulting executables crash immediately. Maybe the PIE binaries are
> not supported by the Sparc64 kernel or ld.so; some PIE support was
> added in 4.4.

That's fine, we're off by default there.

> It looks like the support for PIE executables was only added to GDB
> 7.1. For example Debian stable:
>
> GNU gdb (GDB) 7.0.1-debian
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> .
> Attaching to process 2092
>
> warning: The current binary is a PIE (Position Independent Executable), which
> GDB does NOT currently support. Most debugger features will fail if used
> in this session.
>
> Reading symbols from /src/qemu/obj-amd64/i386-softmmu/qemu-system-i386...done.
> 0x00007f6f08ccf8d3 in ?? ()
> (gdb) b do_interrupt
> Cannot access memory at address 0x2136c0
>
> Perhaps developers or users inclined to debug can be assumed to have a
> recent GDB. Though on OpenBSD, GDB is pretty old, 6.3.

IMO the advantages in security are greater than the disadvantages in
comfort. You can always use --disable-pie if you find your debugger
doesn't support it, but you can't --enable-pie if you've been breached.

> Another issue is that this creates a point for bisection where
> crossing it, all objects must be thrown away. We have a few other such
> points already due to generated file name clashes, so this has not been
> a blocking issue.

I'll look at adding a dependency on build flags for 1.1.

-- 
error compiling committee.c: too many arguments to function
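The commit message quoted above describes two hardening properties of the built binary: it is a position independent executable (ET_DYN with a program interpreter, so the loader can place it at a random base) and its relocation tables are covered by a read-only PT_GNU_RELRO segment, which becomes "full" RELRO only when the dynamic section also asks for BIND_NOW so the GOT can be sealed before main() runs. The following is an added example, not code from this thread or from QEMU, that reads those facts straight out of the ELF headers so a packager can verify what configure actually produced; the function names classify() and build_elf() and the constructed sample images are this example's own.

```python
import struct
import sys

# ELF constants from the System V ABI / glibc elf.h
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # 64-byte ELF64 little-endian header
PHDR = struct.Struct("<IIQQQQQQ")           # 56-byte ELF64 program header
DYN = struct.Struct("<qQ")                  # 16-byte ELF64 dynamic entry


def classify(elf: bytes) -> dict:
    """Return {"executable", "pie", "relro"} for a little-endian ELF64 image.

    The checks mirror what checksec-style tools derive from readelf:
    PIE  = ET_DYN file that carries a PT_INTERP (so it is a program,
           not a shared library, which is also ET_DYN);
    RELRO: PT_GNU_RELRO absent -> "none"; present -> "partial";
           present plus BIND_NOW (all symbols resolved before main, so
           the GOT can be made read-only as well) -> "full".
    """
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    fields = EHDR.unpack_from(elf, 0)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]

    has_interp = has_relro = False
    dyn_off = dyn_size = 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            dyn_off, dyn_size = p_offset, p_filesz

    # Walk the dynamic section looking for any of the three ways BIND_NOW is expressed.
    bind_now = False
    for off in range(dyn_off, dyn_off + dyn_size, DYN.size):
        d_tag, d_val = DYN.unpack_from(elf, off)
        if d_tag == DT_NULL:
            break
        if (d_tag == DT_BIND_NOW
                or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
            bind_now = True

    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {"executable": has_interp, "pie": e_type == ET_DYN and has_interp, "relro": relro}


def build_elf(e_type: int, interp: bool = True, relro: bool = True, bind_now: bool = False) -> bytes:
    """Constructed sample image: header, program headers and a dynamic section only.

    It is enough for classify() to parse but is not a loadable program.
    """
    phdr_types = [PT_DYNAMIC] + ([PT_INTERP] if interp else []) + ([PT_GNU_RELRO] if relro else [])
    dyn = DYN.pack(DT_FLAGS, DF_BIND_NOW if bind_now else 0) + DYN.pack(DT_NULL, 0)
    dyn_off = EHDR.size + PHDR.size * len(phdr_types)
    phdrs = b""
    for t in phdr_types:
        off, size = (dyn_off, len(dyn)) if t == PT_DYNAMIC else (0, 0)
        phdrs += PHDR.pack(t, 4, off, 0, 0, size, size, 8)  # p_flags=4 is PF_R
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdr_types), 0, 0, 0)  # e_machine 62 = x86-64
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:  # e.g. a freshly built qemu-system-x86_64
            print(sys.argv[1], classify(f.read()))
    else:
        for name, img in [("hardened", build_elf(ET_DYN, bind_now=True)),
                          ("legacy", build_elf(ET_EXEC, relro=False))]:
            print(name, classify(img))
```

Run it with the path of a built QEMU binary to see which of the three states it is in; without arguments it classifies the two constructed samples. The usual GCC/ld flags that produce the "hardened" result are -fPIE with -pie for the executable and -Wl,-z,relro with -Wl,-z,now for full RELRO (the patch's own configure hunks are not quoted in this message, so those flags are stated here from the toolchain documentation, not from the patch).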