0.3 textrel

Robert Connolly robert at linuxfromscratch.org
Sun Dec 23 21:22:35 PST 2007


On Sunday December 23 2007 07:14:40 am goodoldmarty at gmail.com wrote:
> > I think I have a fix. The bug is in the gcc-fpie patch. Using -fpic on
> > the command line would not disable -fPIE, and some libraries, like the
> > pic version of libiberty, end up with text relocation's. From what I see
> > this only affected libbfd and libproc. New patch is here:
> > http://www.linuxfromscratch.org/~robert/new/gcc-4.1.2-fpie-20071223.patch
>
> I don't disagree with the objectives, but that patch is just
> spoon-feeding anyway. Some people prefer to specify 'all' their own
> options. What's wrong with instructions to do that, instead of patch's?

The fpie, fstack-protector, and fortify_source patches are split up and don't 
depend on eachother, so you can choose whichever ones you want. There isn't 
another practical way to do it.

> Preventing TEXTREL is logical, but what about preventing ELF ET_REL
> injection in kernel memory? The available tools can now evade
> PAX/grsecurity and they do this from user space; I find this disturbing.

I don't know anything about this, maybe someone else does.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20071224/fd3fc848/attachment.sig>


More information about the hlfs-dev mailing list