
Author Topic: [Solved] Fix hardening-no-pie with fpc > 3.0.4  (Read 15579 times)

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11352
  • FPC developer.
Re: Fix hardening-no-pie with fpc > 3.0.4
« Reply #15 on: October 22, 2021, 12:24:04 pm »
Was there change in that unit in fpc 3.2.0 vs fpc 3.0.4 ?

You are the git expert, not me :-)

dbannon

  • Hero Member
  • *****
  • Posts: 2778
    • tomboy-ng, a rewrite of the classic Tomboy
Re: Fix hardening-no-pie with fpc > 3.0.4
« Reply #16 on: October 22, 2021, 12:52:15 pm »
Quote
Hello Davo.
Hum, I downloaded your last release and this is the result I get with lintian:
...
W: hardening-no-pie

Damn, I must have dropped the hardening out of the DIY binary, it's only there in the version I send to Debian. Sigh ...

I'll confirm that and let you know.

Davo
Lazarus 2, Linux (and reluctantly Win10, OSX)
My Project - https://github.com/tomboy-notes/tomboy-ng and my github - https://github.com/davidbannon

dbannon

Re: Fix hardening-no-pie with fpc > 3.0.4
« Reply #17 on: October 22, 2021, 01:22:42 pm »
Sorry Fred, I see the problem. You have downloaded one of my release binary packages and run lintian on that? No, I do not harden my normal release packages, hardening is reported to slow them down and IMHO it's not necessary on a desktop. And tomboy-ng is a desktop application.

I only do the hardening on the src package I send to Debian to put in their distribution.

I suggested you build tomboy-ng on your system. The build receipt I sent you DOES apply hardening. Once you have made the binary (not downloaded it from my github) you can use the file command as in the attached image, note it mentions 'pie'.
Davo

Fred vS

  • Hero Member
  • *****
  • Posts: 3158
    • StrumPract is the musicians best friend
Re: Fix hardening-no-pie with fpc > 3.0.4
« Reply #18 on: October 22, 2021, 06:59:09 pm »
Hello.

I did try to compile + link my application using last trunk fpc 3.3.1. and -Cg -k-pie -k-znow

And ...

 ;D

Here the note of the compiler:

Quote
(9015) Linking strumpract
/usr/bin/ld: /usr/lib/fpc/3.3.1/units/x86_64-linux/rtl/si_c.o: warning: relocation against `SI_C_$$_INI_DUMMY' in read-only section `.text.n_si_c_$$__fpc_libc_start'
/usr/bin/ld: warning: creating DT_TEXTREL in a PIE
(1008) 568211 lines compiled, 13.9 sec, 4011360 bytes code, 2658232 bytes data
(1021) 175 warning(s) issued
(1022) 3111 hint(s) issued
(1023) 407 note(s) issued

Code:
fred@fredvs ~> file /home/fred/strumpract/src/strumpract

Quote
/home/fred/strumpract/src/strumpract: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, stripped

Conclusion: OK, but only with fpc 3.3.1 or fpc 3.0.4.

Fre;D
I use Lazarus 2.2.0 32/64 and FPC 3.2.2 32/64 on Debian 11 64 bit, Windows 10, Windows 7 32/64, Windows XP 32,  FreeBSD 64.
Widgetset: fpGUI, MSEgui, Win32, GTK2, Qt.

https://github.com/fredvs
https://gitlab.com/fredvs
https://codeberg.org/fredvs

dbannon

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #19 on: October 23, 2021, 01:54:53 am »
Sorry Fred, I have to disagree. If you tried what I suggested, you would too! This is on a current Debian bullseye using the Debian repo FPC320 and Lazarus that you must use to test a src package.

Note I do see a warning I have not seen before but it does build a pie executable and that executable, when popped into a deb, does not generate a hardening warning.

See attached image.

I have also built a deb src and tested it, I get a few new spelling warnings that will have to be fixed, that's all.

Davo

Fred vS

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #20 on: October 23, 2021, 02:27:33 am »
Quote
Sorry Fred, I have to disagree.  If you tried what I suggested, you would too !
Davo

Hello Davo.

Huh, may I know what you have to disagree?

I did try to compile tomboy-ng like you suggested, using source from your github site but it fails to compile with this:

Quote
savenote.pas(476,9) Error: Identifier not found "BulletOne"
savenote.pas(476,21) Error: Constant Expression expected
savenote.pas(477,9) Error: Identifier not found "BulletTwo"
savenote.pas(477,21) Error: Constant Expression expected
savenote.pas(477,21) Error: duplicate case label
savenote.pas(478,9) Error: Identifier not found "BulletThree"
savenote.pas(478,21) Error: Constant Expression expected
savenote.pas(478,21) Error: duplicate case label
savenote.pas(479,9) Error: Identifier not found "BulletFour"
savenote.pas(479,21) Error: Constant Expression expected
savenote.pas(479,21) Error: duplicate case label
savenote.pas(480,9) Error: Identifier not found "BulletFive"
savenote.pas(480,21) Error: Constant Expression expected
savenote.pas(480,21) Error: duplicate case label
savenote.pas(481,9) Error: Identifier not found "BulletSix"
savenote.pas(481,21) Error: Constant Expression expected
savenote.pas(481,21) Error: duplicate case label
savenote.pas(482,9) Error: Identifier not found "BulletSeven"
savenote.pas(482,21) Error: Constant Expression expected
savenote.pas(482,21) Error: duplicate case label
savenote.pas(483,9) Error: Identifier not found "BulletEight"
savenote.pas(483,21) Error: Constant Expression expected
savenote.pas(483,21) Error: duplicate case label

I have quasi no experience with Lazarus or with LCL.

But I trust you if you were able to compile your program with -Cg parameter and fpc 3.2.0.

On my side, all the msegui programs that I did try to compile with -Cg fail with fpc 3.2.0. ( but ok with 3.0.4 ).

But the excellent news is that with fpc 3.3.1. the compilation is ok and linking too.

Anyway many thanks for your precious infos and sorry if I hurt you for something.

Fre;D
« Last Edit: October 23, 2021, 02:22:56 pm by Fred vS »

dbannon

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #21 on: October 23, 2021, 05:42:32 am »
Certainly no hurt Fred.

It will not help you to compile with FPC3.3.1. If you submit your source package to Debian, it has to be compiled with the compiler on their build machine; right now, that appears to be Bullseye, and Bullseye uses FPC3.2.0.

So, you need to compile, without errors, on 3.2.0.

Please repeat that test with my code. Because I only build for Debian at release time, I had not checked it out before I sent you those instructions. And, sure enough, I had forgotten I have changed, temporarily, where I get my kcontrols from. I fixed that some 12 hours ago, sorry I did not check first.

If you start again, bring down a new copy of prepare.ppa into a clean directory, it will (probably) all work. I have tried it here on two different VMs.

Anyway, the fact is, FPC3.2.0 will compile and link fine. Why it's not for you is uncertain. I suspect that you build your own FPC? If that's the case, Marcov's explanation may be the answer. However, to build for Debian, it must build using the Debian repo FPC.

Maybe it would be a good idea to install FPC from the Debian repository? After all, that's the one it has to work with.

Davo

Fred vS

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #22 on: October 23, 2021, 01:24:12 pm »
Hello Dave.

I did:

Code:
sudo apt-get install fpc

OK, fpc from Debian 11 repository is installed.

Code:
@fredvs ~> fpc

Quote
Free Pascal Compiler version 3.2.0+dfsg-12 [2021/01/25] for x86_64
Copyright (c) 1993-2020 by Florian Klaempfl and others

So I try to compile with that fpc version ( before I did try with the official fpc 3.2.2 from fpc repository ).

Here the result with -Cg -k-znow -k-pie parameter:

Quote
Hint: (11030) Start of reading config file /etc/fpc.cfg
Hint: (11031) End of reading config file /etc/fpc.cfg
Free Pascal Compiler version 3.2.0+dfsg-12 [2021/01/25] for x86_64
Copyright (c) 1993-2020 by Florian Klaempfl and others
(1002) Target OS: Linux for x86-64
(3104) Compiling strumpract.pas
...
/usr/bin/ld.bfd: units/filelistform.o: relocation R_X86_64_32S against symbol `TC_$MAIN_$$_HASINIT' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msegui.o: relocation R_X86_64_32S against `.bss.n_u_$msegui_$$_appinst' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/main.o: relocation R_X86_64_32S against symbol `U_$RANDOMNOTE_$$_RANDOMNOTEFO' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/drums.o: relocation R_X86_64_32S against symbol `TC_$DRUMS_$$_WASCREATED' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/songplayer.o: relocation R_X86_64_32S against symbol `_$SONGPLAYER$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/commander.o: relocation R_X86_64_32S against symbol `TC_$COMMANDER_$$_DOCALLBACK' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/config.o: relocation R_X86_64_32S against symbol `U_$UOS_FLAT_$$_UOSDEVICECOUNT' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/guitars.o: relocation R_X86_64_32S against symbol `U_$GUITARS_$$_AGUITAR' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/recorder.o: relocation R_X86_64_32S against symbol `U_$RECORDER_$$_XRECLIVE' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/imagedancer.o: relocation R_X86_64_32S against symbol `_$IMAGEDANCER$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/status.o: relocation R_X86_64_32S against symbol `TC_$STATUS_$$_TYPSTAT' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/spectrum1.o: relocation R_X86_64_32S against symbol `U_$MAIN_$$_MAINFO' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/waveform.o: relocation R_X86_64_32S against symbol `U_$SONGPLAYER_$$_SONGPLAYERFO' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/randomnote.o: relocation R_X86_64_32S against symbol `_$RANDOMNOTE$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/equalizer.o: relocation R_X86_64_32S against symbol `_$EQUALIZER$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/findmessage.o: relocation R_X86_64_32S against symbol `TC_$FINDMESSAGE_$$_IMESSAGES' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/dialogfiles.o: relocation R_X86_64_32S against symbol `TC_$SYSUTILS_$$_DEFAULTFORMATSETTINGS' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/dockpanel1.o: relocation R_X86_64_32S against symbol `TC_$MSEGRAPHUTILS_$$_NULLPOINT' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/mseguiintf.o: relocation R_X86_64_32S against `.bss.n_u_$mseguiintf_$$_stringatom' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msemenus.o: relocation R_X86_64_32S against symbol `RESSTR_$RTLCONSTS_$$_SLISTINDEXERROR' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msefileutils.o: relocation R_X86_64_32S against symbol `TC_$MSEFILEUTILS_$$_SORTFLAGS' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msegraphics.o: relocation R_X86_64_32S against symbol `U_$MSEGRAPHICS_$$_FLUSHGDI' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msegraphutils.o: relocation R_X86_64_32S against symbol `TC_$MSEGRAPHUTILS_$$_DEFAULTNAMEDRGB' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/mseclasses.o: relocation R_X86_64_32S against `.bss.n_u_$mseclasses_$$_fmodules' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/mseforms.o: relocation R_X86_64_32S against `.data.n_TC_$MSEFORMS_$$_CONTAINERCOMMONFLAGS' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msedock.o: relocation R_X86_64_32S against symbol `_$MSEDOCK$_Ld2' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrapen.o: relocation R_X86_64_32S against symbol `_$BGRAPEN$_Ld3' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrapath.o: relocation R_X86_64_32S against symbol `_$BGRAPATH$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrapolygon.o: relocation R_X86_64_32S against symbol `_$BGRAPOLYGON$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrapolygonaliased.o: relocation R_X86_64_32S against symbol `U_$BGRABITMAPTYPES_$$_GAMMAEXPANSIONTAB' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrablend.o: relocation R_X86_64_32S against symbol `U_$BGRABITMAPTYPES_$$_GAMMAEXPANSIONTAB' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgraresample.o: relocation R_X86_64_32S against symbol `U_$BGRABITMAPTYPES_$$_BGRAPIXELTRANSPARENT' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrafillinfo.o: relocation R_X86_64_32S against symbol `_$BGRAFILLINFO$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgragradientscanner.o: relocation R_X86_64_32S against symbol `U_$BGRABITMAPTYPES_$$_GAMMAEXPANSIONTAB' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgrasse.o: relocation R_X86_64_32S against symbol `_$BGRASSE$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/bgraarrow.o: relocation R_X86_64_32S against symbol `_$BGRAARROW$_Ld1' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msedatanodes.o: relocation R_X86_64_32S against symbol `TC_$MSEDATANODES_$$_STATSTATES' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/mseedit.o: relocation R_X86_64_32S against symbol
/usr/bin/ld.bfd: units/msefpreadpng.o: relocation R_X86_64_32S against symbol `TC_$MSEPNGCOMN_$$_CHUNKTYPES' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/mse_zstream.o: relocation R_X86_64_32S against symbol `RESSTR_$MSE_ZSTREAM_$$_SSEEK_FAILED' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: units/msefpimgcmn.o: relocation R_X86_64_32S against `.bss.n_u_$msefpimgcmn_$$_crctable' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /usr/lib/x86_64-linux-gnu/fpc/3.2.0/units/x86_64-linux/rtl/si_c.o: warning: relocation in read-only section `.text.n_si_c_$$__fpc_libc_start'
Error: (9013) Error while linking
Fatal: (10026) There were 1 errors compiling module, stopping
Fatal: (1018) Compilation aborted
Error: /usr/bin/ppcx64 returned an error exitcode

As you can see, many errors ( I removed lot of lines because too big for forum-site ) but not only from msegui, also from BGRABitmap and Zeos.

But compiling with fpc 3.3.1 or 3.0.4 = no error.

I don't have plans to give deb files for Debian repository, it is for testing the fpc feature and the possibility to create pie binary for msegui.

Fre;D
« Last Edit: October 23, 2021, 03:05:36 pm by Fred vS »

dbannon

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #23 on: October 24, 2021, 01:46:11 am »
Quote
....
I don't have plans to give deb files for Debian repository, it is for testing the fpc feature and the possibility to create pie binary for msegui.
....

Ah, I assumed, incorrectly, that you needed hardening to comply with Debian requirements. I should not guess.

Good luck with msegui, it's a long way out of my limited experience space.

Davo

Fred vS

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #24 on: October 24, 2021, 02:33:36 am »
Quote
....
I don't have plans to give deb files for Debian repository, it is for testing the fpc feature and the possibility to create pie binary for msegui.
....
Ah, I assumed, incorrectly, that you needed hardening to comply with Debian requirements. I should not guess.
Good luck with msegui, it's a long way out of my limited experience space.
Davo

Yes, one of the goals of hardening is also to comply with Debian requirements but for this, like you explained, I'm afraid I will have to wait until fpc 3.3.2 is released and in Debian repository.

And maybe it may take some time...  :-X

Fre;D

dbannon

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #25 on: October 29, 2021, 09:57:52 am »
While noting that in another thread, Fred has raised and seen that this problem is fixed in FPC3.2.3, I'd like to just add one more postscript -

In my application, using FPC3.2.0, hardening does work on a Debian platform but not an Ubuntu one! I have not drilled down more than that, I suspect there may be differences between repo sourced packages and DIY ones but I am rapidly losing interest. But just in case someone stumbles across this thread and is scratching their head (or, as we say in Tasmania, their heads).

Sounds like a good reason to update to FPC3.2.4 as soon as it's ready, or 3.2.3 ...

Davo

han

  • Jr. Member
  • **
  • Posts: 96
Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #26 on: November 06, 2021, 11:38:56 am »
I have tried the compiler options "-Cg -k-pie -k-znow" but it creates a shared library rather than an executable. Does anybody know how to avoid that?

I have installed the latest trunk using Fpcupdeluxe but it also happens with Lazarus 2.0.12

Han

Fred vS

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #27 on: November 06, 2021, 03:07:28 pm »
Quote
I have tried the compiler options "-Cg -k-pie -k-znow" but it creates a shared library rather than an executable. Does anybody know how to avoid that?
I have installed the latest trunk using Fpcupdeluxe but it also happens with Lazarus 2.0.12
Han

Hello.

No, it is not a shared library but a PIE executable that you can run only via a terminal or a symlink.
It will not run if you 2X click on the executable, just use a terminal with something like:
Code: Bash
$ /path_of_your_pie/yourpieexecutable

You may check your executable with this:
Code: Bash
$ file /path_of_your_pie/yourpieexecutable
Result:
Quote
/path_of_your_pie/yourpieexecutable: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, stripped
If there is a " pie" in the result, then ... it is a PIE executable.

Fre;D
« Last Edit: November 06, 2021, 06:11:37 pm by Fred vS »

han

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #28 on: November 07, 2021, 09:45:51 pm »
Thanks for the info. Yes it is executable from the command  line.  :)

What is the reason to prevent execution by a file explorer? Security?


In Ubuntu I get this for file ./executable:
   ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, stripped

In Debian:
  ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, stripped

The explorer of Debian LXQt is also calling it a shared library. That doesn't help.


Han



Fred vS

Re: [Solved] Fix hardening-no-pie with fpc > 3.0.4
« Reply #29 on: November 07, 2021, 10:15:57 pm »
Quote
What is the reason to prevent execution by a file explorer? Security?

Yes, it is one of the reasons.
You may take a look here, chapter Position-independent executables
https://en.wikipedia.org/wiki/Position-independent_code

Quote
In Ubuntu I get this for file ./executable:
   ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, stripped
In Debian:
  ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.4.0, stripped

That is VERY strange, are you sure it is the same file?

Quote
The explorer of Debian LXQt is also calling it a shared library.

Yes, I know, I find it strange too.
If you take a look into /usr/sbin/ directory, all the executables are called "Shared Library".
In fact they are PIE executables, not libraries (or maybe a PIE executable is called shared library by the purists).
See picture of my /usr/sbin/

Fre;D
I use Lazarus 2.2.0 32/64 and FPC 3.2.2 32/64 on Debian 11 64 bit, Windows 10, Windows 7 32/64, Windows XP 32,  FreeBSD 64.
Widgetset: fpGUI, MSEgui, Win32, GTK2, Qt.

https://github.com/fredvs
https://gitlab.com/fredvs
https://codeberg.org/fredvs
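
The "shared object" versus "pie executable" labels and the `creating DT_TEXTREL in a PIE` linker warning discussed in this thread can be checked directly in the ELF headers. The Python sketch below is an added example, not code from any poster or from FPC: it reads the ELF type, PT_INTERP, the DF_1_PIE flag, text relocations and BIND_NOW from a little-endian ELF64 image. The function names, the `kind` labels and the header-only sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_TEXTREL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 22, 24, 30, 0x6FFFFFFB
DF_TEXTREL, DF_BIND_NOW = 0x4, 0x8          # bits in DT_FLAGS
DF_1_NOW, DF_1_PIE = 0x1, 0x08000000        # bits in DT_FLAGS_1


def inspect_elf64(data):
    """Return PIE / TEXTREL / BIND_NOW facts for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    info = {"interp": False, "pie_flag": False, "textrel": False, "bind_now": False}
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, ph)
        p_offset, = struct.unpack_from("<Q", data, ph + 8)
        p_filesz, = struct.unpack_from("<Q", data, ph + 32)
        if p_type == PT_INTERP:
            info["interp"] = True
        elif p_type == PT_DYNAMIC:
            for pos in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, pos)
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    info["textrel"] = True      # loader must patch read-only code
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    info["bind_now"] = True     # what "-z now" asks the linker for
                if tag == DT_FLAGS_1 and val & DF_1_PIE:
                    info["pie_flag"] = True
    # PIE executables and shared libraries are both ET_DYN; only the extra
    # markers tell them apart, so a tool that checks fewer of them may print
    # "shared object" for a PIE.
    if e_type != ET_DYN:
        info["kind"] = "non-pie" if e_type == ET_EXEC else "other"
    elif info["pie_flag"]:
        info["kind"] = "pie"
    else:   # heuristic only: some shared libraries carry PT_INTERP too
        info["kind"] = "likely-pie" if info["interp"] else "shared-object"
    return info


def build_sample(e_type, dyn_entries, interp=True):
    """Constructed, header-only ELF64 image for the demo (not a runnable binary)."""
    phnum = 2 if interp else 1
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * phnum
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)

    def phdr(p_type, off, size):
        return struct.pack("<IIQQQQQQ", p_type, 4, off, off, off, size, size, 8)

    image = ehdr + phdr(PT_DYNAMIC, dyn_off, len(dyn))
    if interp:
        image += phdr(PT_INTERP, dyn_off + len(dyn), 1)
    return image + dyn + b"\0"


if __name__ == "__main__":
    for entries in ([(DT_TEXTREL, 0), (DT_FLAGS_1, DF_1_NOW | DF_1_PIE)], [(DT_FLAGS, DF_BIND_NOW)]):
        print(inspect_elf64(build_sample(ET_DYN, entries)))
```

To check a real build, pass the bytes of the binary (`open(path, "rb").read()`) to `inspect_elf64`; a result with `textrel` set corresponds to the DT_TEXTREL warning quoted in Reply #18.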

 
