lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 6 May 2024 17:14:36 -0700
From: Fangrui Song <maskray@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Muhammad Usama Anjum <usama.anjum@...labora.com>, John Hubbard <jhubbard@...dia.com>, 
	Eric Biederman <ebiederm@...ssion.com>, Shuah Khan <shuah@...nel.org>, 
	Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, 
	Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, Yang Yingliang <yangyingliang@...wei.com>, 
	kernel@...labora.com, linux-mm@...ck.org, linux-kselftest@...r.kernel.org, 
	linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2] selftests: exec: make binaries position independent

On Mon, May 6, 2024 at 5:05 PM Kees Cook <keescook@...omium.org> wrote:
>
> On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
> > On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <keescook@...omium.org> wrote:
> > >
> > > On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
> > > > The -static overrides the -pie and binaries aren't position independent
> > > > anymore. Use -static-pie instead which would produce a static and
> > > > position independent binary. This has been caught by clang's warnings:
> > > >
> > > >   clang: warning: argument unused during compilation: '-pie'
> > > >   [-Wunused-command-line-argument]
> > > >
> > > > Tested with both gcc and clang after this change.
> > > >
> > > > Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
> > > > Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
> > >
> > > Thanks for this!
> > >
> > > Reviewed-by: Kees Cook <keescook@...omium.org>
> > >
> > > --
> > > Kees Cook
> >
> > GCC versions before 8.1 do not support -static-pie,
> > while https://www.kernel.org/doc/html/next/process/changes.html says
> > the minimal version is GCC 5.1.
> > Is this a problem?
> >
> > If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
> > (PIC), using -static-pie looks good to me.
>
> Should we use this alternative, which may be more portable?
> https://lore.kernel.org/all/20240504022301.35250-1-jhubbard@nvidia.com/
>
> -Kees

s/-fPIE -static/-static/ then it looks good to me:)

-static creates a position-dependent executable.
It doesn't matter whether the compiler uses -fno-pic/-fpie/-fpic
codegen, so -fPIE can be removed.



-- 
宋方睿

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ