Re: ASLR and PIE
Thor Lancelot Simon <tls <at> panix.com>
2011-12-05 20:41:35 GMT
On Mon, Dec 05, 2011 at 11:15:26PM +0300, Aleksey Cheusov wrote:
> Address Space Layout Randomization was implemented in NetBSD
> years ago but all userspace utilities including daemons
> are still built without PIC (Position Independend Code).
> Was this made by intention? If yes, can anybody please expain this
On some platforms, ASLR in particular has a very large runtime cost
which is hard to avoid (it's not free anywhere). Similarly, on
platforms which are register-poor, PIC is not always the best choice.
However, I have considerable experience with a NetBSD-based embedded
system which built as much as possible with PIE and ASLR. This
revealed a number of issues which would, even if we decided to do so
immediately, make it impossible to build the whole system PIE and
run it with ASLR. Among these are:
1) Incompatibility of our thread library with ASLR.
2) Incompatibility of crunchgen with object files built
for PIE, causing /rescue to be unbuildable.
3) Incompatibility of our debugger with PIE executables and
4) Existence of various "private" libraries in the system
which are built using our library build framework but
not installed, thus making it hard to be sure you've
caught all the libraries and made them build PIC.