On 11/20/2011 07:34 PM, Blue Swirl wrote:
> On Sun, Nov 20, 2011 at 09:11, Avi Kivity <a...@redhat.com> wrote:
> > On 11/15/2011 08:12 PM, Avi Kivity wrote:
> >> Change the default on x86 Linux hosts to building PIE (position
> >> independent executables); instead of restricting the option to
> >> user-only targets, apply it to all targets.
> >>
> >> In addition, set the relocation sections to read-only (relro) when
> >> available; this reduces the attack surface by disallowing changes to
> >> relocation tables at runtime.
> >>
> >> While PIE reduces performance and relro increases load time, it
> >> greatly improves security, with the potential to reduce a code
> >> execution vulnerability to a self denial of service.
> >>
> >> Non-x86 are not changed, as they require TCG changes; neither are
> >> non-Linux, due to lack of test coverage.
> >>
> >>
> >
> > Ping.
>
> I tested the patch on OpenBSD 5.0/Sparc64 with --enable-pie, but the
> resulting executables crash immediately. Maybe the PIE binaries are
> not supported by the Sparc64 kernel or ld.so; some PIE support was
> added in 4.4.
That's fine, we're off by default there.

> It looks like the support for PIE executables was only added to GDB
> 7.1. For example Debian stable:
>
> GNU gdb (GDB) 7.0.1-debian
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Attaching to process 2092
>
> warning: The current binary is a PIE (Position Independent Executable), which
> GDB does NOT currently support. Most debugger features will fail if used
> in this session.
>
> Reading symbols from /src/qemu/obj-amd64/i386-softmmu/qemu-system-i386...done.
> 0x00007f6f08ccf8d3 in ?? ()
> (gdb) b do_interrupt
> Cannot access memory at address 0x2136c0
>
> Perhaps developers or users inclined to debug can be assumed to have a
> recent GDB. Though on OpenBSD, GDB is pretty old, 6.3.

IMO the advantages in security are greater than the disadvantages in
comfort. You can always use --disable-pie if you find your debugger
doesn't support it, but you can't --enable-pie if you've been breached.

> Another issue is that this creates a point for bisection where,
> crossing it, all objects must be thrown away. We have a few other such
> points already due to generated file name clashes, so this has not been
> a blocking issue.

I'll look at adding a dependency on build flags for 1.1.

-- 
error compiling committee.c: too many arguments to function
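Whether a given build actually came out PIE and relro, as the patch quoted above intends, can be verified from the ELF headers without a debugger: a PIE is an ET_DYN object that also carries a PT_INTERP program header (an ET_DYN without one is a shared library), relro shows up as a PT_GNU_RELRO segment, and "full" relro additionally needs immediate binding (DT_BIND_NOW, or DF_BIND_NOW/DF_1_NOW in DT_FLAGS/DT_FLAGS_1) so the GOT is inside the read-only range. The following is an added example and not code from this thread or from QEMU: a small little-endian ELF64 parser that reports both properties, which is the same information `readelf -h`, `readelf -l` and `readelf -d` print. The four ELF images it checks are constructed in the script itself (header plus program headers only, not runnable programs) so that it runs offline; it also accepts a path to a real binary on the command line.

```python
"""Check an ELF64 binary for PIE and RELRO.  Added example, not QEMU code;
the minimal ELF images built by build_elf64() are constructed test data."""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_RELRO = 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def inspect_elf64(data: bytes) -> dict:
    """Return {'pie': bool, 'relro': 'none'|'partial'|'full'} for a
    little-endian ELF64 image (the x86-64 Linux host the patch targets)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_interp = has_relro = False
    dynamic = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
    # ET_DYN plus a program interpreter is a PIE; ET_DYN alone is a .so.
    pie = e_type == ET_DYN and has_interp
    bind_now = False
    if dynamic:
        d_off, d_size = dynamic
        for j in range(d_size // 16):  # Elf64_Dyn is 16 bytes: d_tag, d_val
            d_tag, d_val = struct.unpack_from("<qQ", data, d_off + j * 16)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_BIND_NOW
                    or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                bind_now = True
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return {"pie": pie, "relro": relro}


def build_elf64(e_type: int, phdr_types, dyn_entries=()) -> bytes:
    """Construct a minimal ELF64 image (test data, not a loadable program):
    an ELF header, one program header per entry of phdr_types and, if
    PT_DYNAMIC is among them, a dynamic section holding dyn_entries."""
    phnum, phoff = len(phdr_types), 64
    dyn_off = phoff + phnum * 56
    dyn = b"".join(struct.pack("<qQ", tag, val) for tag, val in dyn_entries)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE, v1, SysV
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, phoff, 0, 0,
                               64, 56, phnum, 64, 0, 0)    # e_machine 62 = x86-64
    phdrs = b""
    for p_type in phdr_types:
        size = len(dyn) if p_type == PT_DYNAMIC else 0
        off = dyn_off if p_type == PT_DYNAMIC else 0
        phdrs += struct.pack("<IIQQQQQQ", p_type, 6, off, 0, 0, size, size, 8)
    return ehdr + phdrs + dyn


# Constructed samples for the build configurations under discussion.
NO_PIE = build_elf64(ET_EXEC, [PT_INTERP, PT_DYNAMIC])                    # default link
PIE_PARTIAL = build_elf64(ET_DYN, [PT_INTERP, PT_DYNAMIC, PT_GNU_RELRO])  # -pie -z relro
PIE_FULL = build_elf64(ET_DYN, [PT_INTERP, PT_DYNAMIC, PT_GNU_RELRO],
                       [(DT_FLAGS, DF_BIND_NOW)])                          # -pie -z relro -z now
SHARED_LIB = build_elf64(ET_DYN, [PT_DYNAMIC, PT_GNU_RELRO])               # .so, not a PIE

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # e.g. python3 check_pie_relro.py ./qemu-system-x86_64
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], inspect_elf64(f.read()))
    for name, img in [("no-pie", NO_PIE), ("pie+relro", PIE_PARTIAL),
                      ("pie+full-relro", PIE_FULL), ("shared-lib", SHARED_LIB)]:
        print(name, inspect_elf64(img))
```

The PT_INTERP test matters in practice: a check that only looks at e_type reports every shared library as a PIE. The dynamic-section walk is what separates "partial" relro (the -z relro default, where the lazily bound GOT stays writable) from "full" relro, which needs -z now as well.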