Reimar Döffinger | 21 May 2012 22:54

[PATCH] compile as PIE by default

Hello,
the patch below would compile MPlayer as PIE on x86 by default.
On 32 bit, the cost would only be in a larger binary size and having to do
relocations at startup, but no real cost at runtime.
On 64 bit, there is almost no size or runtime overhead, mostly that
in some cases PIC-relative addressing has to be used.
I believe that none of the assembler code will be disabled by either.
I have not made any changes to other architectures since I can't
judge the impact.
A side effect of the 64 bit case is that MPlayer will refuse to link
against some static libraries (those not compiled with PIC and thus violating
the ABI), one example (which only exists as static library) is LIVE555
as provided by Debian.
Another point is that backtraces without debug info will probably be
even less useful.
Any comments? My belief is that there is negligible if any disadvantage
for a sometimes significant win in security.

Index: configure
===================================================================
--- configure	(revision 34955)
+++ configure	(working copy)
 <at>  <at>  -2643,6 +2643,22  <at>  <at> 
 fi

 
+# try to create a relocatable binary by default
+echocheck "relocatable binary"
+if x86_32 && cflag_check -pie ; then
+  extra_ldflags="$extra_ldflags -pie"
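Review bot: the probe `if x86_32 && cflag_check -pie` only shows that the toolchain accepts `-pie` on its own; it never exercises the flag together with the other link flags, in particular `-static` when `--enable-static` is given, which is exactly the combination the thread later shows breaking (a 32-bit binary that will not execute, and on 64 bit `crtbeginT.o: relocation R_X86_64_32 ... recompile with -fPIC`). Run the probe with `$extra_ldflags` and the static link flag included so it fails where the real link would, or skip adding `-pie` when static linking is requested.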

Alexander Strasser | 22 May 2012 00:56

Re: [PATCH] compile as PIE by default

Hello Reimar,

Reimar Döffinger wrote:
> the patch below would compile MPlayer as PIE on x86 by default.
> On 32 bit, the cost would only be in a larger binary size and having to do
> relocations at startup, but no real cost at runtime.
> On 64 bit, there is almost no size or runtime overhead, mostly that
> in some cases PIC-relative addressing has to be used.
> I believe that none of the assembler code will be disabled by either.
> I have not made any changes to other architectures since I can't
> judge the impact.
> A side effect of the 64 bit case is that MPlayer will refuse to link
> against some static libraries (those not compiled with PIC and thus violating
> the ABI), one example (which only exists as static library) is LIVE555
> as provided by Debian.
> Another point is that backtraces without debug info will probably be
> even less useful.
> Any comments? My belief is that there is negligible if any disadvantage
> for a sometimes significant win in security.

  Sounds reasonable, judging from what you say. I cannot evaluate the
ramifications myself. So no strong opinions on my side.

  Waiting a bit for more informed comments may be better, though.

  Alexander
Ivan Kalvachev | 22 May 2012 03:27

Re: [PATCH] compile as PIE by default

On 5/21/12, Reimar Döffinger <Reimar.Doeffinger <at> gmx.de> wrote:
> Hello,
> the patch below would compile MPlayer as PIE on x86 by default.
> On 32 bit, the cost would only be in a larger binary size and having to do
> relocations at startup, but no real cost at runtime.
> On 64 bit, there is almost no size or runtime overhead, mostly that
> in some cases PIC-relative addressing has to be used.
> I believe that none of the assembler code will be disabled by either.
> I have not made any changes to other architectures since I can't
> judge the impact.
> A side effect of the 64 bit case is that MPlayer will refuse to link
> against some static libraries (those not compiled with PIC and thus
> violating
> the ABI), one example (which only exists as static library) is LIVE555
> as provided by Debian.
> Another point is that backtraces without debug info will probably be
> even less useful.
> Any comments? My belief is that there is negligible if any disadvantage
> for a sometimes significant win in security.
>
> Index: configure
> ===================================================================
> --- configure	(revision 34955)
> +++ configure	(working copy)
>  <at>  <at>  -2643,6 +2643,22  <at>  <at> 
>  fi
>
>
> +# try to create a relocatable binary by default
> +echocheck "relocatable binary"

Reimar Döffinger | 22 May 2012 09:20

Re: [PATCH] compile as PIE by default

On 22 May 2012, at 03:27, Ivan Kalvachev <ikalvachev <at> gmail.com> wrote:
> On 5/21/12, Reimar Döffinger <Reimar.Doeffinger <at> gmx.de> wrote:
>> Hello,
>> the patch below would compile MPlayer as PIE on x86 by default.
>> On 32 bit, the cost would only be in a larger binary size and having to do
>> relocations at startup, but no real cost at runtime.
>> On 64 bit, there is almost no size or runtime overhead, mostly that
>> in some cases PIC-relative addressing has to be used.
>> I believe that none of the assembler code will be disabled by either.
>> I have not made any changes to other architectures since I can't
>> judge the impact.
>> A side effect of the 64 bit case is that MPlayer will refuse to link
>> against some static libraries (those not compiled with PIC and thus
>> violating
>> the ABI), one example (which only exists as static library) is LIVE555
>> as provided by Debian.
>> Another point is that backtraces without debug info will probably be
>> even less useful.
>> Any comments? My belief is that there is negligible if any disadvantage
>> for a sometimes significant win in security.
>> 
>> Index: configure
>> ===================================================================
>> --- configure    (revision 34955)
>> +++ configure    (working copy)
>>  <at>  <at>  -2643,6 +2643,22  <at>  <at> 
>> fi
>> 
>> 
>> +# try to create a relocatable binary by default

Reimar Döffinger | 26 May 2012 20:55

[PATCH] Build as relocatable PIE binary by default on x86.

---
 configure |   31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/configure b/configure
index 722b8a4..5b150f5 100755
--- a/configure
+++ b/configure
 <at>  <at>  -596,6 +596,7  <at>  <at>  Advanced options:
   --enable-debug[=1-3]      compile-in debugging information [disable]
   --enable-profile          compile-in profiling information [disable]
   --disable-sighandler      disable sighandler for crashes [enable]
+  --disable-relocatable     disable compiling as relocatable/PIE executable [autodetect]
   --enable-crash-debug      enable automatic gdb attach on crash [disable]
   --enable-dynamic-plugins  enable dynamic A/V plugins [disable]
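Review bot: the help entry `--disable-relocatable ... [autodetect]` does not say that the autodetection is limited to x86, which the subject line of this patch states; spell that out in the help text (for example `[autodetect on x86]`) so that users on other architectures do not expect the option to take effect there.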

 <at>  <at>  -842,6 +843,7  <at>  <at>  _charset="UTF-8"
 _dynamic_plugins=no
 _crash_debug=no
 _sighandler=yes
+relocatable=auto
 _libdv=auto
 _cdparanoia=auto
 _cddb=auto
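Review bot: `relocatable=auto` breaks the naming convention of every surrounding default (`_sighandler=yes`, `_libdv=auto`, `_cdparanoia=auto`), which all carry the leading underscore configure uses for its option variables; rename it to `_relocatable` here and in the option parser (`--enable-relocatable)  _relocatable=yes  ;;`) so it cannot collide with an unprefixed shell or environment variable of the same name.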
 <at>  <at>  -1422,6 +1424,8  <at>  <at>  for ac_option do
   --disable-crash-debug) _crash_debug=no ;;
   --enable-sighandler)  _sighandler=yes  ;;
   --disable-sighandler) _sighandler=no   ;;
+  --enable-relocatable)  relocatable=yes  ;;
+  --disable-relocatable) relocatable=no   ;;
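Review bot: `--enable-relocatable` sets `relocatable=yes` unconditionally, and nothing in the visible hunks reconciles it with `--enable-static`; the follow-up in this thread shows `-pie` combined with `-static` producing a 32-bit binary that does not execute and a 64-bit link that fails on `crtbeginT.o` with `relocation R_X86_64_32 ... recompile with -fPIC`. Either make the later probe include the static link flags so that `auto` resolves to `no` in that configuration, or emit a warning (or abort) when both options are requested together.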

Reimar Döffinger | 26 May 2012 21:05

Re: [PATCH] compile as PIE by default

On Tue, May 22, 2012 at 04:27:12AM +0300, Ivan Kalvachev wrote:
> Without researching the topic.
> Would the above check fail if --enable-static is used?

This is very irritating. For 32 bit, --enable-static creates a file just fine,
about which "ldd" says "statically linked", and "file" says it is
relocatable (well, and also that it is dynamically linked), and
everything seems fine except that trying to execute it results
in "bash: ./mplayer: No such file or directory". WTF?
I can't test for 64 bit, because at least on my system there is no static
crt available that is compatible with PIE, thus the feature is disabled:
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.7/crtbeginT.o: relocation
R_X86_64_32 against `__TMC_END__' can not be used when making a shared
object; recompile with -fPIC
Obviously nobody bothered in the slightest to test -pie with
-static, even though that combination very much makes sense (even if
not when you take the names literally)...
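
The confusion above, where "file" calls a PIE binary "dynamically linked", comes from PIE executables sharing the ET_DYN header type with shared libraries; the difference is the PT_INTERP program header naming the loader. The following added example (not part of the thread or of MPlayer's configure) reads the ELF64 little-endian header and program headers to give a clear verdict; make_elf builds constructed header-only images for testing, and the interpreter path used there is an assumed sample value.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3   # e_type: fixed-address executable vs. position independent
PT_INTERP = 3            # program header that carries the dynamic loader path

def classify_elf(data):
    """Return (e_type name, PT_INTERP path or None) for an ELF64 little-endian image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian (x86-64) is handled here")
    (e_type, _machine, _ver, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum) = struct.unpack_from("<HHIQQQIHHH", data, 16)
    interp = None
    for i in range(e_phnum):          # walk the program header table
        p_type, _pflags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return {ET_EXEC: "ET_EXEC", ET_DYN: "ET_DYN"}.get(e_type, "other"), interp

def describe(data):
    """Human-readable verdict on whether the image was linked as PIE."""
    e_type, interp = classify_elf(data)
    if e_type == "ET_EXEC":
        return "ET_EXEC: fixed load address, not PIE"
    if e_type == "ET_DYN" and interp:
        return "ET_DYN with PT_INTERP %s: PIE executable, loaded at a random base" % interp
    if e_type == "ET_DYN":
        return "ET_DYN without PT_INTERP: shared object or static PIE"
    return "unrecognised e_type"

def describe_file(path):
    with open(path, "rb") as f:
        return describe(f.read())

def make_elf(e_type, interp=None):
    """Constructed minimal ELF64 image for testing (headers only, not runnable code)."""
    phdrs = body = b""
    if interp is not None:
        body = interp.encode() + b"\0"
        phdrs = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 64 + 56, 0, 0, len(body), len(body), 1)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0,
                                 64 if phdrs else 0, 0, 0, 64, 56, 1 if phdrs else 0, 64, 0, 0)
    return header + phdrs + body
```

Run describe_file("./mplayer") on the built binary to confirm the configure check actually produced an ET_DYN executable with an interpreter rather than a fixed-address one.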
