Does exec-shield with -fpie work?

From: Terje Eggestad
Date: Tue Jun 15 2004 - 03:07:40 EST

Next message: Arjan van de Ven: "Re: Does exec-shield with -fpie work?"
Previous message: Sean Legassick: "Re: Toshiba keyboard lockups"
Next in thread: Arjan van de Ven: "Re: Does exec-shield with -fpie work?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

I'm using FC2 with 2.6.5-1.358 and 2.6.6-1.435 kernels (same behavior)

exec-shield enables (If I understand correctly):

[root@pc-16 te]# cat /proc/sys/kernel/exec-shield
1
[root@pc-16 te]# cat /proc/sys/kernel/exec-shield-randomize
1

Have a little test program that print out the addresses of a couple of
symbols:
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>

main()
{
char * a = "hei hei";
char * b = "hei hei alle sammen";
int rc;

rc = strcmp(a, b);

printf ("main %p strcmp %p\n", main, strcmp);
printf ("getpid %p malloc %p\n", getpid, malloc);
printf ("stack syms: a = %p b = %p rc = %p\n", &a, &b, &rc);

};

Now I run it several times and while the stack addrs is randiomized,
libc only alternate between two addresses and main() is always at the
same place, I though part of the idea was to really randomize the shared
lib addrs as well as the main prog sym addrs? :

te pc-16 ~ 70> !gcc
gcc -fPIE -fpic -o ./testsc ./testsc.c

te pc-16 ~ 71> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfef7eb20 b = 0xfef7eb1c rc = 0xfef7eb18
te pc-16 ~ 72> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfee4dd80 b = 0xfee4dd7c rc = 0xfee4dd78
te pc-16 ~ 73> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfee49dd0 b = 0xfee49dcc rc = 0xfee49dc8
te pc-16 ~ 74> ./testsc
main 0x80483f8 strcmp 0x1771e0
getpid 0x197ea0 malloc 0x171010
stack syms: a = 0xfef68540 b = 0xfef6853c rc = 0xfef68538
te pc-16 ~ 75> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfef4c980 b = 0xfef4c97c rc = 0xfef4c978
te pc-16 ~ 76> ./testsc
main 0x80483f8 strcmp 0x4b91e0
getpid 0x4d9ea0 malloc 0x4b3010
stack syms: a = 0xfef4bd40 b = 0xfef4bd3c rc = 0xfef4bd38
te pc-16 ~ 77> ./testsc
main 0x80483f8 strcmp 0x1771e0
getpid 0x197ea0 malloc 0x171010
stack syms: a = 0xfef44620 b = 0xfef4461c rc = 0xfef44618
te pc-16 ~ 78>

--

Terje Eggestad
Senior Software Engineer
dir. +47 22 62 89 61
mob. +47 975 31 57
fax. +47 22 62 89 51
terje.eggestad@xxxxxxxxx

Scali - www.scali.com
High Performance Clustering

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arjan van de Ven: "Re: Does exec-shield with -fpie work?"
Previous message: Sean Legassick: "Re: Toshiba keyboard lockups"
Next in thread: Arjan van de Ven: "Re: Does exec-shield with -fpie work?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]