Message-ID: <1432352279.548091.1494876298089.JavaMail.zimbra@computervoice.com>
Date: Mon, 15 May 2017 14:24:58 -0500 (CDT)
From: Paul Sturm <psturm@...putervoice.com>
To: musl <musl@...ts.openwall.com>
Subject: Re: Static PIE with musl and clang

I decided to take a step back and try to make this work first with gcc (7.1) and ld (2.28). Both tools were built statically and musl (1.16+) is also built as a static libc.a. 

Test program is aslr.c: 

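#include <stdio.h>

int main(void) {
    /* Print the runtime address of main; it varies per run when the image is loaded at a random base. */
    printf("%p\n", (void *)main);
    return 0;
}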

gcc aslr.c -fPIE -pie -static-libgcc -Wl,-static -Wl,--no-dynamic-linker 

./a.out 
Segmentation fault

bash-4.4# readelf -e a.out 
ELF Header: 
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
Class: ELF64 
Data: 2's complement, little endian 
Version: 1 (current) 
OS/ABI: UNIX - System V 
ABI Version: 0 
Type: DYN (Shared object file) 
Machine: Advanced Micro Devices X86-64 
Version: 0x1 
Entry point address: 0x300 
Start of program headers: 64 (bytes into file) 
Start of section headers: 31560 (bytes into file) 
Flags: 0x0 
Size of this header: 64 (bytes) 
Size of program headers: 56 (bytes) 
Number of program headers: 6 
Size of section headers: 64 (bytes) 
Number of section headers: 25 
Section header string table index: 24 

Section Headers: 
[Nr] Name Type Address Offset 
Size EntSize Flags Link Info Align 
[ 0] NULL 0000000000000000 00000000 
0000000000000000 0000000000000000 0 0 0 
[ 1] .hash HASH 0000000000000190 00000190 
0000000000000014 0000000000000004 A 2 0 8 
[ 2] .dynsym DYNSYM 00000000000001a8 000001a8 
0000000000000030 0000000000000018 A 3 1 8 
[ 3] .dynstr STRTAB 00000000000001d8 000001d8 
0000000000000007 0000000000000000 A 0 0 1 
[ 4] .rela.dyn RELA 00000000000001e0 000001e0 
00000000000000c0 0000000000000018 A 2 0 8 
[ 5] .init PROGBITS 00000000000002a0 000002a0 
000000000000000d 0000000000000000 AX 0 0 1 
[ 6] .plt PROGBITS 00000000000002b0 000002b0 
0000000000000010 0000000000000010 AX 0 0 16 
[ 7] .plt.got PROGBITS 00000000000002c0 000002c0 
0000000000000018 0000000000000000 AX 0 0 8 
[ 8] .text PROGBITS 00000000000002e0 000002e0 
0000000000004f44 0000000000000000 AX 0 0 16 
[ 9] .fini PROGBITS 0000000000005224 00005224 
0000000000000008 0000000000000000 AX 0 0 1 
[10] .rodata PROGBITS 0000000000005240 00005240 
0000000000000b90 0000000000000000 A 0 0 32 
[11] .eh_frame_hdr PROGBITS 0000000000005dd0 00005dd0 
0000000000000024 0000000000000000 A 0 0 4 
[12] .eh_frame PROGBITS 0000000000005df8 00005df8 
000000000000007c 0000000000000000 A 0 0 8 
[13] .ctors PROGBITS 0000000000205e88 00005e88 
0000000000000010 0000000000000000 WA 0 0 8 
[14] .dtors PROGBITS 0000000000205e98 00005e98 
0000000000000010 0000000000000000 WA 0 0 8 
[15] .data.rel.ro PROGBITS 0000000000205ea8 00005ea8 
0000000000000008 0000000000000000 WA 0 0 8 
[16] .dynamic DYNAMIC 0000000000205eb0 00005eb0 
0000000000000130 0000000000000010 WA 3 0 8 
[17] .got PROGBITS 0000000000205fe0 00005fe0 
0000000000000020 0000000000000008 WA 0 0 8 
[18] .got.plt PROGBITS 0000000000206000 00006000 
0000000000000018 0000000000000008 WA 0 0 8 
[19] .data PROGBITS 0000000000206018 00006018 
00000000000000f8 0000000000000000 WA 0 0 8 
[20] .bss NOBITS 0000000000206120 00006110 
00000000000006e0 0000000000000000 WA 0 0 32 
[21] .comment PROGBITS 0000000000000000 00006110 
000000000000003e 0000000000000001 MS 0 0 1 
[22] .symtab SYMTAB 0000000000000000 00006150 
00000000000010e0 0000000000000018 23 100 8 
[23] .strtab STRTAB 0000000000000000 00007230 
000000000000085b 0000000000000000 0 0 1 
[24] .shstrtab STRTAB 0000000000000000 00007a8b 
00000000000000b7 0000000000000000 0 0 1 
Key to Flags: 
W (write), A (alloc), X (execute), M (merge), S (strings), I (info), 
L (link order), O (extra OS processing required), G (group), T (TLS), 
C (compressed), x (unknown), o (OS specific), E (exclude), 
l (large), p (processor specific) 

Program Headers: 
Type Offset VirtAddr PhysAddr 
FileSiz MemSiz Flags Align 
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 
0x0000000000005e74 0x0000000000005e74 R E 0x200000 
LOAD 0x0000000000005e88 0x0000000000205e88 0x0000000000205e88 
0x0000000000000288 0x0000000000000978 RW 0x200000 
DYNAMIC 0x0000000000005eb0 0x0000000000205eb0 0x0000000000205eb0 
0x0000000000000130 0x0000000000000130 RW 0x8 
GNU_EH_FRAME 0x0000000000005dd0 0x0000000000005dd0 0x0000000000005dd0 
0x0000000000000024 0x0000000000000024 R 0x4 
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 
0x0000000000000000 0x0000000000000000 RW 0x10 
GNU_RELRO 0x0000000000005e88 0x0000000000205e88 0x0000000000205e88 
0x0000000000000178 0x0000000000000178 R 0x1 

Section to Segment mapping: 
Segment Sections... 
00 .hash .dynsym .dynstr .rela.dyn .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame 
01 .ctors .dtors .data.rel.ro .dynamic .got .got.plt .data .bss 
02 .dynamic 
03 .eh_frame_hdr 
04 
05 .ctors .dtors .data.rel.ro .dynamic .got 
bash-4.4# 

bash-4.4# readelf -d a.out 

Dynamic section at offset 0x5eb0 contains 15 entries: 
Tag Type Name/Value 
0x000000000000000c (INIT) 0x2a0 
0x000000000000000d (FINI) 0x5224 
0x0000000000000004 (HASH) 0x190 
0x0000000000000005 (STRTAB) 0x1d8 
0x0000000000000006 (SYMTAB) 0x1a8 
0x000000000000000a (STRSZ) 7 (bytes) 
0x000000000000000b (SYMENT) 24 (bytes) 
0x0000000000000015 (DEBUG) 0x0 
0x0000000000000003 (PLTGOT) 0x206000 
0x0000000000000007 (RELA) 0x1e0 
0x0000000000000008 (RELASZ) 192 (bytes) 
0x0000000000000009 (RELAENT) 24 (bytes) 
0x000000006ffffffb (FLAGS_1) Flags: PIE 
0x000000006ffffff9 (RELACOUNT) 8 
0x0000000000000000 (NULL) 0x0 


From: "Szabolcs Nagy" <nsz@...t70.net> 
To: "musl" <musl@...ts.openwall.com> 
Sent: Sunday, March 5, 2017 12:21:18 PM 
Subject: Re: [musl] Static PIE with musl and clang 

* Paul Sturm <psturm@...putervoice.com> [2017-03-04 21:41:24 -0600]: 
> clang /usr/lib/rcrt1.o ../aslr.c -o aslr -fPIE -shared -Bsymbolic -Wl,--no-dynamic-linker 
> ). 
> ./aslr seg faults when I run it. 

you did not static link the libc at all 
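
The properties visible in the readelf output above (Type DYN, no INTERP program header, FLAGS_1 PIE, RELASZ 192 / RELAENT 24 / RELACOUNT 8) can be checked programmatically when auditing whether a binary is a static PIE. This is an added example, not part of the original message: the function names and the constructed sample image are assumptions, and it handles ELF64 little-endian only.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_INTERP = 3, 2, 3
DT_NULL, DT_RELASZ, DT_RELAENT = 0, 8, 9
DT_RELACOUNT, DT_FLAGS_1, DF_1_PIE = 0x6FFFFFF9, 0x6FFFFFFB, 0x08000000

def static_pie_report(image: bytes) -> dict:
    """Summarise the ELF64 fields that matter for a static PIE."""
    if image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian image")
    e_type, = struct.unpack_from("<H", image, 16)
    e_phoff, = struct.unpack_from("<Q", image, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 54)
    has_interp, dyn = False, {}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset = struct.unpack_from("<IIQ", image, off)
        p_filesz, = struct.unpack_from("<Q", image, off + 32)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_DYNAMIC:
            # Walk the Elf64_Dyn array (tag, value) until DT_NULL.
            for pos in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", image, pos)
                if tag == DT_NULL:
                    break
                dyn[tag] = val
    relocs = dyn.get(DT_RELASZ, 0) // (dyn.get(DT_RELAENT) or 24)
    return {
        "et_dyn": e_type == ET_DYN,
        "has_interp": has_interp,
        "df_1_pie": bool(dyn.get(DT_FLAGS_1, 0) & DF_1_PIE),
        "rela_entries": relocs,
        "relative_relocs": dyn.get(DT_RELACOUNT, 0),
        # With no PT_INTERP there is no dynamic loader, so the binary's own
        # startup code has to apply these relocations before main runs.
        "needs_self_relocation": e_type == ET_DYN and not has_interp and relocs > 0,
    }

def constructed_sample() -> bytes:
    """Constructed image: ELF header, one PT_DYNAMIC, tags copied from the readelf -d output."""
    tags = [(DT_RELASZ, 192), (DT_RELAENT, 24), (DT_FLAGS_1, DF_1_PIE),
            (DT_RELACOUNT, 8), (DT_NULL, 0)]
    dynamic = b"".join(struct.pack("<qQ", t, v) for t, v in tags)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", ET_DYN, 62, 1,
                       0x300, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120,
                       len(dynamic), len(dynamic), 8)
    return ehdr + phdr + dynamic
```

To inspect a real binary, pass the file contents, for example `static_pie_report(open("a.out", "rb").read())`.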
