Hi Alexandre!
What's the reasoning for this change? I thought the preloader should not be built as a PIE because otherwise the kernel could map it into one of the areas we need to reserve.
More to the point, the people trying to do this are thinking it will increase security. It won't, even though this code is loaded at a known offset it does not contain any code you could exploit in a return-to-libc type attack and anyway, exploits through Wine are far more likely to come in through the software being run on it than Wine itself.
There is a patch in bugzilla (I guess you saw this) to ensure -fno-pie and -fno-stack-protector is passed to gcc for the preloader.
thanks -mike
Log message: Support compiling with -fPIC for people who somehow think this is a good idea.
Mike Hearn m.hearn@signal.qinetiq.com writes:
What's the reasoning for this change? I thought the preloader should not be built as a PIE because otherwise the kernel could map it into one of the areas we need to reserve.
No, it makes no difference, you also need to link it differently to make it relocatable.
There is a patch in bugzilla (I guess you saw this) to ensure -fno-pie and -fno-stack-protector is passed to gcc for the preloader.
I don't think we want to add -fno-xxx for all possible options that people somehow might think it's a good idea to use. If people want to mess with the flags, fine, it may help us catch problems like with the -fomit-frame-pointer thing; if they don't understand what they are doing and break things, too bad. We should follow the Unix philosophy and not try to prevent people from doing stupid things.
On Fri, 24 Sep 2004 09:48:07 -0700, Alexandre Julliard wrote:
No, it makes no difference, you also need to link it differently to make it relocatable.
Ah OK, I didn't realise that. I thought -fPIE was the only thing necessary to allow the kernel to map it anywhere.
There is a patch in bugzilla (I guess you saw this) to ensure -fno-pie and -fno-stack-protector is passed to gcc for the preloader.
I don't think we want to add -fno-xxx for all possible options that people somehow might think it's a good idea to use. If people want to mess with the flags, fine, it may help us catch problems like with the -fomit-frame-pointer thing; if they don't understand what they are doing and break things, too bad. We should follow the Unix philosophy and not try to prevent people from doing stupid things.
Hehe, OK. Somebody should write down the Zen of Unix so future followers of its teachings can learn :)
thanks -mike
Mike Hearn wrote:
Hehe, OK. Somebody should write down the Zen of Unix so future followers of its teachings can learn :)
[ Sorry, this is off-topic ]
Eric Raymond tries to do exactly that in his book called 'The Art of Unix Programming':
http://www.catb.org/~esr/writings/taoup/
Notice there's a picture on the cover of a Zen master teaching a student. It's a good read if you can sidestep some of Eric's personal pet peaves (like why emacs is a better editor design than vi).
-Hans
-
Alexandre Julliard -
Hans Leidekker -
Mike Hearn -
Mike Hearn