[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#18784: Coultdn't compile emacs-24.4

From: Stefan Monnier
Subject: bug#18784: Coultdn't compile emacs-24.4
Date: Mon, 16 Mar 2015 16:29:48 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

> There is a long history of Emacs catching up with kernel hardening
> in this area. It started with setting ADDR_NO_RANDOMIZE via Linux
> personality(2), then setting the NORANDEXEC flag with paxctl(1) or
> setfattr(1). Now it seems that we need -nopie in addition.

But what does "-nopie" mean?  IIUC it means "do not generate PIE code",
so it is a "double-level workaround": not only it doesn't directly fix the
problem we have with randomization but it doesn't directly disable
randomization either.

If OTOH "-nopie" means "indicate that the code should not be relocated
even if it looks like it's position independent", then it's only
a "single-level workaround", like the ADDR_NO_RANDOMIZE and friends.

> My impression is that these are all workarounds that don't address the
> real issue.

AFAIK the only way to address directly the underlying issue is to use
a portable dumper.  Until then we'll have to consider address
randomization as plain bugs that we need to fix with things like

        Stefan "who doesn't really believe in such hardening"

reply via email to

[Prev in Thread] Current Thread [Next in Thread]