On 06/19/2011 04:26 PM, Ian Lance Taylor wrote:
> Jack Howarth <howa...@bromo.med.uc.edu> writes:
>
>> On Fri, Jun 17, 2011 at 07:30:43AM -0700, Ian Lance Taylor wrote:
>>>
>>> For PCH what matters is not whether gcc defaults to generating PIE, but
>>> whether gcc itself is compiled as a PIE.  In general I believe that a
>>> PIE gcc will not support PCH--it will work most of the time, but will
>>> occasionally fail.  However, I have not actually tested this.  If I'm
>>> right about this limitation, it would be quite difficult to fix given
>>> the current PCH implementation.  Fortunately, as far as I can see, the
>>> kind of attacks which PIE protects against are unimportant when
>>> attacking gcc, as gcc simply runs under your own user ID on your own
>>> system.  Anything the user can somehow suborn gcc into doing, the user
>>> can do anyhow.  So I see no reason to build gcc as a PIE.  Of course
>>> those considerations would change if somebody is running a compilation
>>> server on the net which invokes gcc; such a setup might get some small
>>> benefit from building gcc as a PIE, but such a setup would be unlikely
>>> to support PCH in any case.
>>
>> I found some interesting information on what Gentoo Hardened Linux
>> is doing with their toolchain here...
>>
>> http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml
>>
>> It appears that they consider JIT to be a major security risk and disable it
>> by default...
>>
>> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#jitflag
>>
>> as well as passing...
>>
>> CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,now
>> -Wl,-z,relro"
>>
>> automatically on builds.
>
> Those web pages are about whether gcc defaults to generating PIE.  As I
> said, for PCH what matters is whether gcc itself is compiled as a PIE.
Our gcc itself is PIE code.  'readelf -h /usr/bin/gcc | grep Type' gives

    Type:                              DYN (Shared object file)

We have to disable PCH because it is broken as expected.

The JIT issue is because of RWX mappings which are killed by our hardened
kernel, PaX.

>
>> Also, apparently -O3 is considered problematic when SSP is in use.
>>
>> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#Othreessp
>
> It would be interesting to find out what the problem is here.
>
> Ian

I don't know what the problem is here but I have seen ssp break with -O3.
I'd like to know too.

-- 
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
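The 'readelf -h ... | grep Type' check above only reads the ELF e_type field, and "DYN" covers both PIE executables and ordinary shared libraries, so on an unknown file it is worth also checking for a PT_INTERP entry before concluding that a DYN object is a PIE. The following is an added example, not code from this thread, from GCC or from Gentoo: it parses the ELF64 header and program headers directly, reports the same e_type that readelf prints, distinguishes a PIE from a plain shared object by PT_INTERP, and checks the PT_GNU_STACK flags (an executable stack is the kind of RWX mapping PaX rejects) and PT_GNU_RELRO (what -Wl,-z,relro produces). The sample ELF images are constructed in the code, contain only the fields the parser reads and are not loadable; the key names in the report and the decision to treat a missing PT_GNU_STACK entry as an executable stack (the loader then falls back to an architecture default that has historically been executable) are this example's own conservative choices.

```python
import struct

# ELF constants, from the ELF specification and the GNU program-header extensions.
ET_EXEC, ET_DYN = 2, 3
PT_INTERP = 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4


def parse_elf64(data: bytes) -> dict:
    """Return e_type and the (p_type, p_flags) of every program header of an ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2:  # EI_CLASS: 1 = ELF32, 2 = ELF64
        raise ValueError("only ELF64 is handled here")
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type = struct.unpack_from(endian + "H", data, 16)[0]          # e_type at offset 16
    e_phoff = struct.unpack_from(endian + "Q", data, 32)[0]         # e_phoff at offset 32
    e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)  # offsets 54 and 56
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from(endian + "II", data, off)  # first two Phdr fields
        phdrs.append((p_type, p_flags))
    return {"e_type": e_type, "phdrs": phdrs}


def hardening_report(data: bytes) -> dict:
    """Summarise the properties the thread discusses: PIE, executable stack, RELRO."""
    elf = parse_elf64(data)
    types = {t for t, _ in elf["phdrs"]}
    stack_flags = next((f for t, f in elf["phdrs"] if t == PT_GNU_STACK), None)
    position_independent = elf["e_type"] == ET_DYN  # what readelf prints as "DYN"
    return {
        "position_independent": position_independent,
        # A shared library is also ET_DYN; a PIE additionally asks for a program interpreter.
        "pie": position_independent and PT_INTERP in types,
        # Conservative choice (assumption): no PT_GNU_STACK entry is treated as executable.
        "exec_stack": stack_flags is None or bool(stack_flags & PF_X),
        "relro": PT_GNU_RELRO in types,
    }


def check_file(path: str) -> dict:
    """Run the report on a real binary, e.g. check_file('/usr/bin/gcc')."""
    with open(path, "rb") as fh:
        return hardening_report(fh.read())


def build_elf64(e_type: int, phdrs) -> bytes:
    """Construct a minimal little-endian x86-64 ELF64 image carrying only the
    fields parse_elf64 reads.  Constructed sample data; it is not loadable."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, LE, version 1, SysV ABI
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 62, 1, 0,      # e_type, e_machine (x86-64), e_version, e_entry
        64, 0, 0,              # e_phoff (right after the header), e_shoff, e_flags
        64, 56, len(phdrs),    # e_ehsize, e_phentsize, e_phnum
        64, 0, 0,              # e_shentsize, e_shnum, e_shstrndx
    )
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return header + body


# Constructed samples: a hardened PIE, a plain shared library, and a legacy executable.
HARDENED_PIE = build_elf64(ET_DYN, [(PT_INTERP, PF_R), (PT_GNU_STACK, PF_R | PF_W),
                                    (PT_GNU_RELRO, PF_R)])
SHARED_LIB = build_elf64(ET_DYN, [(PT_GNU_STACK, PF_R | PF_W)])
LEGACY_EXEC = build_elf64(ET_EXEC, [(PT_INTERP, PF_R), (PT_GNU_STACK, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    import sys
    for name, image in (("hardened pie", HARDENED_PIE), ("shared lib", SHARED_LIB),
                        ("legacy exec", LEGACY_EXEC)):
        print(name, hardening_report(image))
    for path in sys.argv[1:]:
        print(path, check_file(path))
```

The "pie" key is the one that matches what the thread means by a PIE gcc; "position_independent" alone is what the quoted readelf one-liner tells you.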