public inbox for gcc@gcc.gnu.org
* how to turn off PIE on Fedora?
@ 2003-12-13  2:39 Per Bothner
From: Per Bothner @ 2003-12-13  2:39 UTC (permalink / raw)
  To: gcc

Can any Red Hat engineers shed light on this:

Data seems to move around unpredictably under Fedora Core.
I.e. I run cc1 under gdb to a breakpoint or error, and note
the memory address of some variable.  I then re-run cc1 with
no changes, and the variable has jumped to a different address.
This complicates debugging, and specifically setting conditional
breakpoints.

This presumably is because of PIE "position independent
executables", which is supposed to increase security.  Fine -
but how can I turn it off for development builds?

PIE also breaks PCH, and hence running the gcc testsuite.
-- 
	--Per Bothner
per@bothner.com   http://per.bothner.com/



* Re: how to turn off PIE on Fedora?
From: Daniel Berlin @ 2003-12-13  2:41 UTC (permalink / raw)
  To: Per Bothner; +Cc: gcc


On Dec 12, 2003, at 9:22 PM, Per Bothner wrote:

> Can any Red Hat engineers shed light on this:
>
> Data seems to move around unpredictably under Fedora Core.
> I.e. I run cc1 under gdb to a breakpoint or error, and note
> the memory address of some variable.  I then re-run cc1 with
> no changes, and the variable has jumped to a different address.
> This complicates debugging, and specifically setting conditional
> breakpoints.
>
> This presumably is because of PIE "position independent
> executables", which is supposed to increase security.  Fine -
> but how can I turn it off for development builds?
>
> PIE also breaks PCH, and hence running the gcc testsuite.
>

[root@dberlin bin]# grep exec-shield /etc/sysctl.conf
kernel.exec-shield = 0
kernel.exec-shield-randomize = 0


(throwing it in sysctl.conf makes it automatically do it for you on
bootup; you'll still have to sysctl -w these manually if you don't want
to reboot)


* Re: how to turn off PIE on Fedora?
From: Diego Novillo @ 2003-12-13  3:32 UTC (permalink / raw)
  To: Per Bothner; +Cc: gcc

On Fri, 2003-12-12 at 21:22, Per Bothner wrote:

> This presumably is because of PIE "position independent
> executables", which is supposed to increase security.  Fine -
> but how can I turn it off for development builds?
> 
Add this to /etc/rc.local

echo 0 > /proc/sys/kernel/exec-shield


Diego.


* Re: how to turn off PIE on Fedora?
From: Per Bothner @ 2003-12-13  3:57 UTC (permalink / raw)
  To: Daniel Berlin; +Cc: gcc, dnovillo

Daniel Berlin wrote:

> [root@dberlin bin]# grep exec-shield /etc/sysctl.conf
> kernel.exec-shield = 0
> kernel.exec-shield-randomize = 0

Thanks for the quick response from you and Diego.  But
I hope that isn't the official Red Hat answer.
If Red Hat thinks PIE is useful then suggesting that
people turn it off globally isn't an acceptable solution.
If Red Hat doesn't think it is useful, then it shouldn't
be enabled by default.

There are many machines (including mine) where people
might want to run gdb which have either untrusted users
or run network servers.

I can accept "exec shield is a work-in-progress and for
now it has to be enabled/disabled globally."  But I hope
no-one will consider it "done" if that is the case.

The natural solution would be an environment variable
that would turn off exec-shield.  Gdb should set that for
inferior processes by default.  I don't know if that is
possible, or if that might add vulnerability.  (Changing
users should probably re-enable exec-shield.)

There is still the question of PCH support - though I'm hoping
the compile-server will be a good alternative.
-- 
	--Per Bothner
per@bothner.com   http://per.bothner.com/



* Re: how to turn off PIE on Fedora?
From: Brad Roberts @ 2003-12-13  4:14 UTC (permalink / raw)
  To: Per Bothner; +Cc: Daniel Berlin, gcc, dnovillo

This is largely off-topic for this list, but wouldn't having it user
disableable largely defeat the safety that exec-shield is attempting to
provide?

Later,
Brad

On Fri, 12 Dec 2003, Per Bothner wrote:

> Date: Fri, 12 Dec 2003 19:32:35 -0800
> From: Per Bothner <per@bothner.com>
> To: Daniel Berlin <dberlin@dberlin.org>
> Cc: gcc@gcc.gnu.org, dnovillo@redhat.com
> Subject: Re: how to turn off PIE on Fedora?
>
> Daniel Berlin wrote:
>
> > [root@dberlin bin]# grep exec-shield /etc/sysctl.conf
> > kernel.exec-shield = 0
> > kernel.exec-shield-randomize = 0
>
> Thanks for the quick response from you and Diego.  But
> I hope that isn't the official Red Hat answer.
> If Red Hat thinks PIE is useful then suggesting that
> people turn it off globally isn't an acceptable solution.
> If Red Hat doesn't think it is useful, then it shouldn't
> be enabled by default.
>
> There are many machines (including mine) where people
> might want to run gdb which have either untrusted users
> or run network servers.
>
> I can accept "exec shield is a work-in-progress and for
> now it has to be enabled/disabled globally."  But I hope
> no-one will consider it "done" if that is the case.
>
> The natural solution would be an environment variable
> that would turn off exec-shield.  Gdb should set that for
> inferior processes by default.  I don't know if that is
> possible, or if that might add vulnerability.  (Changing
> users should probably re-enable exec-shield.)
>
> There is still the question of PCH support - though I'm hoping
> the compile-server will be a good alternative.
> --
> 	--Per Bothner
> per@bothner.com   http://per.bothner.com/
>
>


* Re: how to turn off PIE on Fedora?
From: Per Bothner @ 2003-12-13  5:03 UTC (permalink / raw)
  To: Brad Roberts; +Cc: gcc

Brad Roberts wrote:

> This is largely off-topic for this list, but wouldn't having it user
> disableable largely defeat the safety that exec-shield is attempting to
> provide?

I don't think so, but I might be missing something.  Exec-shield doesn't 
limit the ability of a program or a user to do anything.  What it does 
is make it much harder to *trick* a program that *has* certain 
privileges to do something by exploiting a bug.  So any program that
does something on behalf of another user (such as a set-uid program or a
server) benefits from exec-shield.  "User programs" don't, as far as I
can see, but I'm not a security expert.  So you might want to prohibit
calls like setuid in a process started without exec-shield.
-- 
	--Per Bothner
per@bothner.com   http://per.bothner.com/



* Re: how to turn off PIE on Fedora?
From: Jakub Jelinek @ 2003-12-13 10:24 UTC (permalink / raw)
  To: Per Bothner; +Cc: Daniel Berlin, gcc, dnovillo, mingo

On Fri, Dec 12, 2003 at 07:32:35PM -0800, Per Bothner wrote:
> Daniel Berlin wrote:
> 
> >[root@dberlin bin]# grep exec-shield /etc/sysctl.conf
> >kernel.exec-shield = 0
> >kernel.exec-shield-randomize = 0
> 
> Thanks for the quick response from you and Diego.  But
> I hope that isn't the official Red Hat answer.
> If Red Hat thinks PIE is useful then suggesting that
> people turn it off globally isn't an acceptable solution.
> If Red Hat doesn't think it is useful, then it shouldn't
> be enabled by default.

First of all, your question is not about disabling PIE
(which is an executable in a form of an ET_DYN object,
you disable PIE by simply relinking a binary as ET_EXEC executable
instead of -pie), but you want to disable randomization.

That can be disabled either globally as mentioned above,
or ATM using setarch i386 program for program and all processes
started by it (unless they use another setarch or call personality
syscall themselves).
I hope in the future there will be separate personality bits
for randomization, 3GB address space limitation and 32/64bit
uname -m selection, though that depends on Linus to accept
the personality changes at least.
Once there is an architecture independent bit for that,
surely gdb should disable randomization by default (but have
some command to allow it, e.g. from .gdbinit or its prompt),
similarly gcc/g++/gcj etc. drivers should IMHO disable randomization
for the compiler backend.
For now setarch i386 gdb works for me.

	Jakub
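What `setarch i386` does under the hood, as an added example written for this page (not code from the thread or from util-linux): set the personality flag that turns off address-space randomization for the process and everything it execs. It assumes Linux with the ADDR_NO_RANDOMIZE personality bit, which was added after this 2003 discussion, so the separate randomization bit Jakub hopes for now exists.

```c
/* Added example: disable address-space randomization for a debugger or
 * compiler and everything it spawns, the way `setarch i386` does.
 * Assumes Linux with ADDR_NO_RANDOMIZE (added after this thread). */
#include <stdio.h>
#include <unistd.h>
#include <sys/personality.h>

/* Pure helper: the persona value that keeps the current flags and adds
 * ADDR_NO_RANDOMIZE (no syscall, so it can be checked in isolation). */
unsigned long persona_without_randomization(unsigned long current)
{
    return current | ADDR_NO_RANDOMIZE;
}

/* Query the calling process: 1 if randomization is already disabled,
 * 0 if it is enabled or the query is not permitted.
 * personality(0xffffffff) reads the current persona without changing it. */
int randomization_disabled(void)
{
    int persona = personality(0xffffffff);
    if (persona == -1)
        return 0;
    return ((unsigned long)persona & ADDR_NO_RANDOMIZE) != 0;
}

/* Set the flag for this process; children inherit it across exec.
 * Returns 0 on success, -1 with errno set (e.g. EPERM under a sandbox). */
int disable_randomization(void)
{
    int cur = personality(0xffffffff);
    if (cur == -1)
        return -1;
    return personality(persona_without_randomization((unsigned long)cur)) == -1 ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (!randomization_disabled() && disable_randomization() != 0) {
        perror("personality");
        return 1;
    }
    execvp(argv[1], &argv[1]);   /* e.g. gdb ./cc1: addresses now repeat run to run */
    perror("execvp");
    return 1;
}
```

Run it as `./norandom gdb ./cc1`; the flag stays scoped to that process tree, so the rest of the machine keeps randomization, which is the per-process granularity Per asks for.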


* Re: how to turn off PIE on Fedora?
From: Toon Moene @ 2003-12-13 13:46 UTC (permalink / raw)
  To: Jakub Jelinek; +Cc: Per Bothner, Daniel Berlin, gcc, dnovillo, mingo

Jakub Jelinek wrote:

[ ... nice explanation of PIE vs ET_DYN and ET_EXEC ... ]

{ -1, Troll }

And all that because we use a language that makes it hard to do bounds 
checking ....

Sigh,

-- 
Toon Moene - mailto:toon@moene.indiv.nluug.nl - phoneto: +31 346 214290
Saturnushof 14, 3738 XG  Maartensdijk, The Netherlands
Maintainer, GNU Fortran 77: http://gcc.gnu.org/onlinedocs/g77_news.html
GNU Fortran 95: http://gcc.gnu.org/fortran/ (under construction)


* Re: how to turn off PIE on Fedora?
From: Geoff Keating @ 2003-12-14  8:27 UTC (permalink / raw)
  To: Per Bothner; +Cc: gcc

Per Bothner <per@bothner.com> writes:

> Can any Red Hat engineers shed light on this:
> 
> Data seems to move around unpredictably under Fedora Core.
> I.e. I run cc1 under gdb to a breakpoint or error, and note
> the memory address of some variable.  I then re-run cc1 with
> no changes, and the variable has jumped to a different address.
> This complicates debugging, and specifically setting conditional
> breakpoints.
> 
> This presumably is because of PIE "position independent
> executables", which is supposed to increase security.  Fine -
> but how can I turn it off for development builds?
> 
> PIE also breaks PCH, and hence running the gcc testsuite.

The PCH problem has come up before, I responded to it in
<http://gcc.gnu.org/ml/gcc/2003-11/msg00242.html>.  I didn't realise
this would apply to the GCC executable, too; for that, I suggest
adding -fno-pie to CFLAGS.  (I don't believe PCH requires any library
function addresses to stay constant, so long as they don't move into
address space that PCH needs.)

-- 
- Geoffrey Keating <geoffk@geoffk.org>
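A quick check for whether a built cc1 (or any binary) was linked as a fixed-address ET_EXEC image or as an ET_DYN PIE, which is the distinction Jakub draws above and the thing -fno-pie in CFLAGS changes. This is an added example, not code from the thread; it assumes Linux's <elf.h>, and the two 18-byte headers are constructed for the demonstration.

```c
/* Added example: tell ET_EXEC (fixed-address) from ET_DYN (PIE or shared
 * object) by decoding the ELF header. Assumes <elf.h>. */
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Classify an ELF header held in buf. Returns "ET_EXEC", "ET_DYN" or
 * "other" for a valid header, NULL if the magic is wrong or buf is short.
 * e_type is the 16-bit field right after the 16-byte e_ident in both
 * ELF32 and ELF64, so only EI_DATA is needed to decode it portably. */
const char *elf_type_of(const unsigned char *buf, size_t len)
{
    if (len < EI_NIDENT + 2 || memcmp(buf, ELFMAG, SELFMAG) != 0)
        return NULL;
    unsigned e_type = (buf[EI_DATA] == ELFDATA2MSB)
        ? ((unsigned)buf[EI_NIDENT] << 8) | buf[EI_NIDENT + 1]
        : buf[EI_NIDENT] | ((unsigned)buf[EI_NIDENT + 1] << 8);
    switch (e_type) {
    case ET_EXEC: return "ET_EXEC";
    case ET_DYN:  return "ET_DYN";
    default:      return "other";
    }
}

/* Constructed sample headers: e_ident for a little-endian ELF64 file
 * followed by e_type (2 = ET_EXEC, 3 = ET_DYN). */
static const unsigned char sample_exec[] = {
    0x7f, 'E', 'L', 'F', ELFCLASS64, ELFDATA2LSB, EV_CURRENT, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0x02, 0x00 };
static const unsigned char sample_pie[] = {
    0x7f, 'E', 'L', 'F', ELFCLASS64, ELFDATA2LSB, EV_CURRENT, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0x03, 0x00 };

/* Read the first 64 bytes of a file on disk and classify it. */
const char *elf_type_of_file(const char *path)
{
    unsigned char hdr[64];
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_type_of(hdr, n);
}

int main(int argc, char **argv)
{
    const char *t = argc > 1 ? elf_type_of_file(argv[1])
                             : elf_type_of(sample_pie, sizeof sample_pie);
    printf("%s\n", t ? t : "not an ELF file");
    return 0;
}
```

Point it at the cc1 from a build with and without -fno-pie in CFLAGS to confirm the link mode actually changed; an ET_DYN result means the loader is free to relocate it.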

