NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Security and PAX
On Tue, Jun 16, 2015 at 02:41:45PM -0400, Christos Zoulas wrote:
> On Jun 16, 7:54pm, rhino64%epost.ch@localhost (rhino64%epost.ch@localhost) wrote:
> -- Subject: Re: Security and PAX
>
> | Hoewever, I get a new error message when I try to do manually
> | the link command:
> | ----------------------------------------------------------------------------------------------
> | virtualisation# cc -static -Wl,-I/libexec/ld.elf_so -Wl,-pie -o zsh main.o `cat stamp-modobjs` -lc_pic -ltermcap_pic -lrt_pic -lm_pic
> | ld: /usr/lib/libc.a(errx.o): relocation R_X86_64_32 against `.text' can not be used when making a shared object; recompile with -fPIC
> | /usr/lib/libc.a: could not read symbols: Bad value
> | ----------------------------------------------------------------------------------------------
> |
> | I don't understand well the meaning of "R_X86_64_32" since I compile
> | in 64 bits (what mean "32"?) as you can see in the static version of the executable:
>
> This means that you are picking up some code that it is not PIC; the 32 here
> means 32 bit offsets.
>
> The order of the libraries is wrong, you need to put -lc_pic last because
> the others depend on symbols from it. There is a way to cheat by repeating
> all the libraries twice :-)
>
> christos
Hi,
Thanks for your advices. Finally I have succeeded to compile
ZSH as a pseudo statically linked program which is usable
with PAX.
I have done the following operations:
1) Compile zsh statically
2) Remove zsh in .../pkgsrc/shell/zsh/work/zsh-5.3.2/Src
3) make -n (in the directory .../pkgsrc/shell/zsh/work/zsh-5.3.2/Src)
4) add the needed libraries in the file "/usr/pkg/etc/mk.conf"
5) in the directory .../pkgsrc/shell/zsh I have passed the commands
a) bmake clean
b) bmake package
kind regards,
Here is my file "/usr/pkg/etc/mk.conf"
---------------------------------------------------------------------------
# Ven jui 19 14:03:43 CEST 2015
.ifdef BSD_PKG_MK # begin pkgsrc settings
PKG_DBDIR= /var/db/pkg
LOCALBASE= /usr/pkg
VARBASE= /var
PKG_TOOLS_BIN= /usr/pkg/sbin
PKGINFODIR= info
PKGMANDIR= man
#The following variable are for building executable
#with a maximum security.
MKPIE= yes
USE_SSP= yes
USE_FORT= yes
CFLAGS += -O3 -fpie -fstack-protector-all -mfpmath=sse -msse3 -march=native
#Generally, its better to have statically linked
#important executables to avoid problems
#with shared libs (which can disapear or be out of sync)
.if !empty(.CURDIR:M/usr/local/pkgsrc/shells/zsh*)
#The use of this variable is sufficient to achieve
#the compilation of ZSH statically.
ZSH_STATIC=yes
LDFLAGS = -Wl,-static -Wl,-I/libexec/ld.elf_so -Wl,-pie -Wl,-start-group
LDFLAGS += -ltermcap_pic -lrt_pic -lm_pic -lc_pic -Wl,-end-group
.elif !empty(.CURDIR:M/usr/local/pkgsrc/converters/dos2unix*) | \
!empty(.CURDIR:M/usr/local/pkgsrc/net/wget*)
#In order to have fully static compilation, it is important to
#have the static parameter as the first parameter (to avoid
#linking with shared libs declared before the static flags).
CFLAGS+=-static -static-libgcc
CXXFLAGS+=-static -static-libgcc
LDFLAGS+=-static
.endif #Statically compiled progs
.endif # end pkgsrc settings
--------------------------------------------------------------------------------------
Home |
Main Index |
Thread Index |
Old Index