et_dyn -fpie

Robert Connolly cendres at videotron.ca
Sat Jan 31 09:25:00 PST 2004


I'm retesting position independent executables. The only thing missing from 
the lfs cvs tools would be binutils that understands -pie. I tried FSF cvs 
binutils and they seem to work fine compared to HJL. Gentoo has made a new 
patch which modifies the gcc specs to build propolice/et_dyn by default. This 
should be helpful to the non-x86 people, and gcc will be able to bootstrap 
with propolice/et_dyn. I tried changing the patch to convert it from -fPIC to 
-fPIE but it looks like the patch breaks 'gcc -pie -fpie', which is looked 
for by gcc-2.3.3 configure. So for now a new hgcc.sh will still work for 
-fpie. Like with propolice, glibc needs to be built twice. The first time 
will give the libs for gcc to be built with -fpie, after glibc and gcc are 
built, then when glibc is built again "checking for -fpie" should say "yes" 
in chap6, in chap5 it won't.

Part of glibc uses an executable stack. Gentoo has a dl patch for glibc to fix 
this for PaX. It seems to be a better fix than the patch from Red Hat. As well, 
they have:
http://dev.gentoo.org/~solar/glibc/files/2.3.3/
glibc-2.3.3-owl-malloc-unlink-sanity-check.diff

Which is a fix from the Owl kernel project. Proof is here (I think):
http://cert.uni-stuttgart.de/archive/vuln-dev/2003/05/msg00060.html

Both of these patches would be a good idea to add to glibc-2.3.3.

The gcc-pie patch was fixed upstream by Mandrake. It now patches cleanly on 
both gcc-3.3.1 and 3.3.2. Right now I'm trying to perfect the specs for -fpie 
and I can update winter.txt so it has some real enforcement on first boot. 
The future is nearing. I think this should start being tested ASAP.
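
One way to verify the two properties discussed in this post, as an added example that is not part of the original message: the parser below reports whether an ELF image is ET_DYN and whether its stack is marked executable. It assumes the toolchain emits a PT_GNU_STACK program header; the function names and the header-only sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551   # program header type carrying the stack permissions
PF_X = 0x1                  # "executable" bit in p_flags

def elf_hardening(data):
    """Return {'et_dyn': bool, 'exec_stack': True/False/None} for raw ELF bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4                        # p_flags follows p_type in ELF64
    else:
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24                       # p_flags is the 7th word in ELF32
    exec_stack = None                        # None: unmarked, loader default applies
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", data, base + flags_off)
            exec_stack = bool(p_flags & PF_X)
    # ET_DYN covers both PIE executables and shared libraries.
    return {"et_dyn": e_type == ET_DYN, "exec_stack": exec_stack}

def sample_elf32(e_type, stack_flags=None):
    """Constructed little-endian ELF32 image (headers only) for the demo."""
    phdrs = b""
    if stack_flags is not None:
        phdrs = struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 0)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0,
                      52, 32, len(phdrs) // 32, 0, 0, 0)
    return ident + hdr + phdrs

if __name__ == "__main__":
    # Constructed samples: a PIE with an RW stack, a fixed-address binary with RWX stack.
    print("pie, rw stack :", elf_hardening(sample_elf32(ET_DYN, 0x6)))
    print("exec, rwx stack:", elf_hardening(sample_elf32(ET_EXEC, 0x7)))
    print("exec, unmarked :", elf_hardening(sample_elf32(ET_EXEC)))
```

To check a real binary, pass `open(path, "rb").read()` to `elf_hardening`; an `exec_stack` of `None` means the file carries no marking and the loader's default decides.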



