[FFmpeg-devel] [PATCH]configure: Enable pie for toolchain=hardened.

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri Oct 14 21:02:50 EEST 2016


On 14.10.2016 18:28, Michael Niedermayer wrote:
> On Thu, Oct 13, 2016 at 12:56:56AM +0200, Andreas Cadhalpun wrote:
>> If you want both NX and ASLR security features for an executable it has
>> to be built with '-pie' and must not contain text relocations.
> 
> this should not be true
> the difference between text relocations and lack thereof is that
> without text relocations a binary is loaded and written into memory
> with text relocations the binary is loaded, the addresses for
> relocations updated and written into memory.
> There is at a theoretical level no difference in required access rights
> write to memory is necessary at the load stage, no execute is needed
> here and once done rights can be flipped over into execute without write
> This may very well not work out that way in gnu linux but that's an
> implementation problem then not a fundamental issue in NX+ASLR+TEXRELs
> That is unless I am missing something
> 
> also a simple test:
> gcc xtest.c -pie -m32 -o xtest
> #include <stdio.h>
> int main() {
>     void *ref;
>     // take the absolute address of main: in a -m32 PIE this is a text relocation
>     asm (
>         "mov $main, %0"
>         :"=r"(ref)
>     );
>     printf("? %p\n", ref);
>     //can we read it ?
>     printf("R %d\n", *(int*)ref);
>     //can we write it ?
>     *(int*)ref = 123;
> 
>     return 0;
> }
> 
> Executing this shows that the write is prevented and segfaults, the
> address is different on each run and we have a text relocation in it
> that's on an ancient ubuntu without special security patches that I
> remember

Interesting...
I was just rephrasing what I found on the web [1]:
"For NX to be useful, you need to make sure that all the executable
memory pages are loaded and set in stone right away; this makes text
relocation impossible"

Best regards,
Andreas


[1]: https://blog.flameeyes.eu/2009/11/the-pie-is-not-exactly-a-lie/
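The three properties the thread turns on (whether a binary is a PIE, whether it carries text relocations, and whether its stack is marked non-executable) are all recorded in the ELF image itself and can be verified on the output of a `toolchain=hardened` build. The checker below is an added example, not code from this thread, from FFmpeg's configure or from the flameeyes post: it reads the ELF64 header, the program headers (PT_GNU_STACK, PT_DYNAMIC) and the dynamic section (DT_TEXTREL, DF_TEXTREL, DF_1_PIE) with `struct`, and `build_elf` constructs minimal synthetic ELF images so the checks can be exercised without a real compiler. The function names and the `hardened` verdict are this example's own; the constants come from the ELF gABI.

```python
import struct

# ELF constants (ELF gABI / elf.h)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK = 2, 0x6474E551
PF_X = 0x1
DT_NULL, DT_TEXTREL, DT_FLAGS, DT_FLAGS_1 = 0, 22, 30, 0x6FFFFFFB
DF_TEXTREL = 0x4
DF_1_PIE = 0x08000000


def _program_headers(data):
    """Return (p_type, p_flags, p_offset, p_filesz) for every program header."""
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    out = []
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", data, base)
        p_filesz, = struct.unpack_from("<Q", data, base + 32)
        out.append((p_type, p_flags, p_offset, p_filesz))
    return out


def _dynamic_tags(data, phdrs):
    """Map d_tag -> d_val from the PT_DYNAMIC segment (empty if there is none)."""
    tags = {}
    for p_type, _, p_offset, p_filesz in phdrs:
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", data, off)
            if tag == DT_NULL:
                break
            tags[tag] = val
    return tags


def hardening_report(data):
    """Report PIE / NX-stack / text-relocation status of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled here")
    e_type, = struct.unpack_from("<H", data, 16)
    phdrs = _program_headers(data)
    tags = _dynamic_tags(data, phdrs)
    # NX: a PT_GNU_STACK header exists and does not request PF_X.
    # With no such header the kernel falls back to an executable stack.
    stack_flags = [f for t, f, _, _ in phdrs if t == PT_GNU_STACK]
    nx = bool(stack_flags) and not (stack_flags[0] & PF_X)
    # PIE: position-independent executables are ET_DYN; newer linkers also
    # set DF_1_PIE, which tells a PIE apart from a shared library.
    pie = e_type == ET_DYN
    # TEXTREL: the legacy DT_TEXTREL tag or DF_TEXTREL inside DT_FLAGS.
    textrel = DT_TEXTREL in tags or bool(tags.get(DT_FLAGS, 0) & DF_TEXTREL)
    return {
        "pie": pie,
        "pie_flag": bool(tags.get(DT_FLAGS_1, 0) & DF_1_PIE),
        "nx": nx,
        "textrel": textrel,
        "hardened": pie and nx and not textrel,
    }


def build_elf(e_type, exec_stack=False, textrel=None, pie_flag=False):
    """Construct a minimal synthetic ELF64 image for testing (not a real binary).

    textrel: None, "tag" (emit DT_TEXTREL) or "flags" (emit DF_TEXTREL in DT_FLAGS).
    """
    dyn = []
    if textrel == "tag":
        dyn.append((DT_TEXTREL, 0))
    elif textrel == "flags":
        dyn.append((DT_FLAGS, DF_TEXTREL))
    if pie_flag:
        dyn.append((DT_FLAGS_1, DF_1_PIE))
    dyn.append((DT_NULL, 0))
    dyn_bytes = b"".join(struct.pack("<qQ", t, v) for t, v in dyn)
    phoff, phnum, phentsize = 64, 2, 56
    dyn_off = phoff + phnum * phentsize

    def phdr(p_type, p_flags, p_offset, p_filesz):
        return struct.pack("<IIQQQQQQ", p_type, p_flags, p_offset, 0, 0,
                           p_filesz, p_filesz, 8)

    stack_flags = 0x7 if exec_stack else 0x6          # RWE vs RW
    phdrs = (phdr(PT_DYNAMIC, 0x6, dyn_off, len(dyn_bytes))
             + phdr(PT_GNU_STACK, stack_flags, 0, 0))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELF64, LE, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, phoff,
                               0, 0, 64, phentsize, phnum, 64, 0, 0)
    return ehdr + phdrs + dyn_bytes


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, hardening_report(fh.read()))
```

Run it as `python3 elfcheck.py ffmpeg` on a freshly built binary: a hardened build should report `pie` and `nx` true and `textrel` false, which is the same information `readelf -d` (TEXTREL / FLAGS) and `readelf -l` (GNU_STACK) print, gathered into one verdict that a build check can assert on.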

