Position Independent Executables (PIE)

Jakub Jelinek jakub at redhat.com
Fri Oct 10 19:29:19 UTC 2003


On Fri, Oct 10, 2003 at 09:11:11PM +0200, Xose Vazquez Perez wrote:
> shrek-m at gmx.de wrote:
> 
> > will this be included in other kernels too?
> > 
> > 
> > http://www.networknews.co.uk/News/1143925
> > 
> > The RHEL 3 server operating system, due to ship within weeks, includes a
> > feature called Position Independent Executables (PIE). This is a
> > modification to the Linux kernel developed by Red Hat to reduce the
> > threat from worms and other buffer-overflow based attacks.
> 
> I think that "Position Independent Executables (PIE)" is the same as
> mingo's work called exec-shield http://people.redhat.com/mingo/exec-shield .
> And it is included in Fedora.

It is related, but not the same.
A Position Independent Executable is an ELF ET_DYN executable which can be
loaded at any address the kernel chooses (basically something in between a
normal executable and a shared library). It is primarily a binutils/gcc/glibc
thingie (see ld -pie option, gcc -pie, -fpie and -fPIE options).
Without the exec-shield patch this is not very useful; you can run those
PI binaries, but they will always be loaded at the same address.
What the exec-shield patch does is randomize the base address at which
PIEs are loaded.

	Jakub
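
Added example (not part of the message above, and not Red Hat's code): a small C checker that reads the e_type field of an ELF header to tell a fixed-address ET_EXEC binary from an ET_DYN one, which is the distinction the reply describes. The function name elf_kind_of, the enum and the sample header bytes are constructed for illustration; since shared libraries are also ET_DYN, the check does not separate a PIE from a library.

```c
/* Classify an ELF image by e_type. Added example, not code from the thread. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum elf_kind { ELF_INVALID = -1, ELF_OTHER = 0, ELF_FIXED_EXEC = 2, ELF_DYN = 3 };

/* e_type sits at offset 16 in both ELF32 and ELF64 headers;
 * its byte order is given by e_ident[EI_DATA] (offset 5). */
enum elf_kind elf_kind_of(const unsigned char *buf, size_t len)
{
    uint16_t e_type;

    if (len < 18 || memcmp(buf, "\177ELF", 4) != 0)
        return ELF_INVALID;
    if (buf[5] == 1)            /* ELFDATA2LSB */
        e_type = (uint16_t)(buf[16] | (buf[17] << 8));
    else if (buf[5] == 2)       /* ELFDATA2MSB */
        e_type = (uint16_t)((buf[16] << 8) | buf[17]);
    else
        return ELF_INVALID;

    if (e_type == 2) return ELF_FIXED_EXEC;   /* ET_EXEC */
    if (e_type == 3) return ELF_DYN;          /* ET_DYN: PIE or shared library */
    return ELF_OTHER;
}

/* Constructed sample headers (first 18 bytes only), not real binaries. */
const unsigned char sample_exec_le[18] = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 2,0};
const unsigned char sample_pie_le[18]  = {0x7f,'E','L','F',2,1,1,0, 0,0,0,0,0,0,0,0, 3,0};
const unsigned char sample_pie_be[18]  = {0x7f,'E','L','F',1,2,1,0, 0,0,0,0,0,0,0,0, 0,3};

int main(int argc, char **argv)
{
    unsigned char hdr[18];
    FILE *f = fopen(argc > 1 ? argv[1] : "/proc/self/exe", "rb");
    size_t n;
    if (!f) { perror("fopen"); return 1; }
    n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    switch (elf_kind_of(hdr, n)) {
    case ELF_DYN:        puts("ET_DYN: position independent, base can be randomized"); break;
    case ELF_FIXED_EXEC: puts("ET_EXEC: linked for a fixed load address"); break;
    case ELF_OTHER:      puts("ELF, but neither ET_EXEC nor ET_DYN"); break;
    default:             puts("not an ELF file"); return 1;
    }
    return 0;
}
```

Built with and without gcc -fPIE -pie and run on its own binary, the program reports ET_DYN or ET_EXEC respectively.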




