Is there any way to force PIE?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Is there any way to force PIE?

Postby GBit » Fri Sep 06, 2013 6:32 pm

I think that's what RANDEXEC used to do, right? Randomize the base address of the executable? I know it's not supported anymore, but is there some other way to accomplish this?
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm

Re: Is there any way to force PIE?

Postby PaX Team » Sat Sep 07, 2013 7:16 pm

RANDEXEC was a kernel-only approach to accomplish a similar effect to what randomizing the load address of a PIE binary has - all without actually having to build a PIE. so RANDEXEC didn't 'force PIE', it worked with normal ELF executables and it really wasn't the best way to accomplish executable randomization and existed mostly to prove that it was possible to do it at all. so no, there's no other way, if you want to randomize the executables as well, build them as PIE.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Is there any way to force PIE?

Postby GBit » Sat Sep 07, 2013 9:42 pm

Alright, thank you.
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm

Re: Is there any way to force PIE?

Postby sfs6dzs » Tue Oct 29, 2013 4:26 pm

Can it be that an option is to by default build them with PIE? Why distributions provide RELRO,Canary,PIE etc. for binaries for the system /sbin/* and NOT for the ones the user compiles?
sfs6dzs
 
Posts: 11
Joined: Thu Jul 12, 2012 11:47 am


Return to grsecurity support

cron