lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 6 May 2024 17:23:59 -0700
From: John Hubbard <jhubbard@...dia.com>
To: Fangrui Song <maskray@...gle.com>, Kees Cook <keescook@...omium.org>
CC: Muhammad Usama Anjum <usama.anjum@...labora.com>, Eric Biederman
	<ebiederm@...ssion.com>, Shuah Khan <shuah@...nel.org>, Nathan Chancellor
	<nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, "Bill
 Wendling" <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, "Andrew
 Morton" <akpm@...ux-foundation.org>, Yang Yingliang
	<yangyingliang@...wei.com>, <kernel@...labora.com>, <linux-mm@...ck.org>,
	<linux-kselftest@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<llvm@...ts.linux.dev>
Subject: Re: [PATCH v2] selftests: exec: make binaries position independent

On 5/6/24 5:14 PM, Fangrui Song wrote:
> On Mon, May 6, 2024 at 5:05 PM Kees Cook <keescook@...omium.org> wrote:
>>
>> On Mon, May 06, 2024 at 04:30:27PM -0700, Fangrui Song wrote:
>>> On Tue, Apr 16, 2024 at 10:28 AM Kees Cook <keescook@...omium.org> wrote:
>>>>
>>>> On Tue, Apr 16, 2024 at 08:28:29PM +0500, Muhammad Usama Anjum wrote:
>>>>> The -static overrides the -pie and binaries aren't position independent
>>>>> anymore. Use -static-pie instead which would produce a static and
>>>>> position independent binary. This has been caught by clang's warnings:
>>>>>
>>>>>    clang: warning: argument unused during compilation: '-pie'
>>>>>    [-Wunused-command-line-argument]
>>>>>
>>>>> Tested with both gcc and clang after this change.
>>>>>
>>>>> Fixes: 4d1cd3b2c5c1 ("tools/testing/selftests/exec: fix link error")
>>>>> Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
>>>>
>>>> Thanks for this!
>>>>
>>>> Reviewed-by: Kees Cook <keescook@...omium.org>
>>>>
>>>> --
>>>> Kees Cook
>>>
>>> GCC versions before 8.1 do not support -static-pie,
>>> while https://www.kernel.org/doc/html/next/process/changes.html says
>>> the minimal version is GCC 5.1.
>>> Is this a problem?
>>>
>>> If not, and CFLAGS is guaranteed to include -fpie/-fpic/-fPIE/-fPIC
>>> (PIC), using -static-pie looks good to me.
>>
>> Should we use this alternative, which may be more portable?
>> https://lore.kernel.org/all/20240504022301.35250-1-jhubbard@nvidia.com/
>>
>> -Kees
> 
> s/-fPIE -static/-static/ then it looks good to me:)

hmm, maybe that is better, considering that -static-pie is relatively
new (as you pointed out in the other thread), and would break the
minimum kernel gcc version requirements.

> 
> -static creates a position-dependent executable.
> It doesn't matter whether the compiler uses -fno-pic/-fpie/-fpic
> codegen, so -fPIE can be removed.
> 

This is something I'd have to take your word for. The whole PIE
story not completely clear to me, but if you're sure it is not
required here, then of course leaving it out entirely works nicely...


thanks,
-- 
John Hubbard
NVIDIA


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ