oss-sec mailing list archives
Re: Vendor adoption of PIE INFO#934476 oss-security
From: Daniel Micay <danielmicay () gmail com>
Date: Fri, 13 Mar 2015 13:19:32 -0400
On 13/03/15 11:05 AM, Solar Designer wrote:
On Thu, Mar 12, 2015 at 08:31:42PM -0700, Nick Kralevich wrote:I wanted to provide a followup on this year-old thread.Thank you!With the release of Android 5.0, Android has removed support for non-PIE binaries [1] [2]. Attempting to run a non-PIE binary will generate an error on Android. In this way, we ensure that all binaries take full advantage of Android's ASLR implementation. This is just one of the many security enhancements added in Android 5.*, and one that I hope other Linux distributions will pick up. [1] https://source.android.com/devices/tech/security/enhancements/enhancements50.html [2] https://android.googlesource.com/platform/bionic/+/76e289c026f11126fc88841b3019fd5bb419bb67
Sadly, PIE is much less useful on Android right now. Every app and many services are spawned from an initial zygote process without an exec, so nearly everything has the same ASLR bases. It is great to see progress in this space though. I hope to see the zygote process go away now that ART and modern hardware makes it much less necessary - especially if a process (or a pool) is pre-spawned during idle time. AFAIK, the change forbidding non-PIE binaries was backed out for the official 5.0 release (https://android.googlesource.com/platform/bionic/+/d81b3b275dff99561cbe5905ca63a1c72fa54a17). I guess that was fixed in 5.1? I haven't looked into it yet.
I brought this to Twitter, and here's a comment by Rich Felker: <solardiz> Android 5.0 "has removed support for non-PIE binaries. Attempting to run a non-PIE binary will generate an error" http://www.openwall.com/lists/oss-security/2015/03/13/1 <@RichFelker> @solardiz Guess that means no emacs on Android... <@solardiz> @RichFelker Why, can't one build Emacs as PIE? <@RichFelker> @solardiz The whole dumper issue. The final emacs binary is a dump of an emacs with a lisp heap full of pointers and no relocation data.
FWIW, I think various distributions are going to enable it once the PIE by default patches land: https://www.mail-archive.com/gcc-patches () gcc gnu org/msg105030.html There has been no luck getting someone to review them, so they missed the GCC 5 freeze deadline despite being ready before then. I proposed that we enable it by default on Arch via wrapper scripts, but it was rejected in favour of waiting for this patch to land. An OpenSUSE developer also voiced interest in the patches on the GCC mailing list. It just needs a committer who feels like reviewing it.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Mar 12)
- Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Daniel Micay (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Daniel Micay (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Mar 13)