Date: Thu, 4 Jun 2020 10:23:08 -0400 From: Ed Maste <emaste@freebsd.org> To: freebsd-security@freebsd.org Subject: Improved PIE binary tooling Message-ID: <CAPyFy2Cw_peC6XSvTZS8E=a5t3YtA2W6CakT=E-EQWs3qtfEJQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Kostik and I recently committed a couple of changes to improve PIE binary support: r361725 Do not allow to load ET_DYN object with DF_1_PIE flag set. r361740 lld: Set DF_1_PIE for -pie Previously there could be ambiguity as to whether an object is a shared library (DSO) or Position Independent Executable (PIE) binary; a PIE is in fact a special type of DSO. These changes add a .dynamic flag DF_1_PIE that's used to unambiguously indicate that an object is a PIE binary, and disallow the use of dlopen() or DT_NEEDED on that binary. Future changes should have file(1) report "position independent executable" or similar instead of "shared object". Some desktop environments / file managers have had issues refusing to execute PIE binaries, and tagging them should also address those.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2Cw_peC6XSvTZS8E=a5t3YtA2W6CakT=E-EQWs3qtfEJQ>