[Development] -reduce-relocations vs hardening

Lisandro Damián Nicanor Pérez Meyer perezmeyer at gmail.com
Thu Aug 20 23:17:28 CEST 2015


On Thursday 20 August 2015 14:08:40 Thiago Macieira wrote:
> On Thursday 20 August 2015 22:16:15 Kevin Kofler wrote:
> > Lisandro Damián Nicanor Pérez Meyer wrote:
> > > Hi! yesterday I received a [bug] report asking Qt to not requiring apps
> > > using it to pass -fPIC (actually to let the app use -fPIE) due to
> > > hardening reasons.
> > 
> > -fPIC actually allows the same hardening as -fPIE. PIE is basically the
> > subset of PIC required for hardening.
> 
> Right.
> 
> -fPIE is -fPIC but with some extra optimisations that assume that the code
> being generated is the first one to ever be loaded into memory. That means
> it knows none of its symbols may be interposed (including ones it
> copy-relocated) and that thread-specific variables may use the initial-exec
> and local-exec TLS models.
> 
> The problem isn't "preventing hardening". The problem is the hardening
> adding -fPIE to code that otherwise was already using -fPIC. Just leave it
> at -fPIC.

Better imposible =)

Thank you very much you two!

-- 

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.qt-project.org/pipermail/development/attachments/20150820/44c2039a/attachment.sig>


More information about the Development mailing list