[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

PIE / PIC in a nutshell (was: [PATCH] use -pie in CFLAGS)

From: Peter Samuelson <peter_at_p12n.org>
Date: Tue, 29 Jan 2008 14:51:16 -0600

[Branko Cibej]
> On the other hand, I'd like to hear a bit more about why we'd want to
> use -fpie, apart from that "security people" like it.

To understand PIE you must understand PIC....

PIC (position-independent code) lets you share memory-mapped executable
code between processes without hard-coding the address space location.
Shared libraries use PIC so that all instances of the library in all
running processes can use a single copy of the library code in RAM.
This technique is used on most Unix systems, though I _believe_ Windows
DLLs are not PIC and are not shared in memory.

The disadvantage of PIC is that the code itself is somewhat less
efficient, since you have to use lookup tables and registers everywhere
instead of hard-coded addresses. Even so, sharing your RAM between
processes is enough of a win that most people build all shared
libraries as PIC.

Executables don't need to be PIC because you can just hard-code the
address space of the executable code, at link time. You can't easily
do that for the libraries since they're used by multiple
executables.[1]

  [1] Well, you can. OSF/1 and perhaps other systems used to get
      around this, without PIC, by having a global address space
      allocation scheme that the linker could use, and update, each
      time you build a new system library. (It helps to have a 64-bit
      address space to play in.) But this system was something of a
      pain to use, because the allocation file was owned by root, so
      you had to 'su' in order to update it for your newly built
      library. Nobody's build systems ever seemed to do this
      automatically in 'make install', of course.

There's a secondary benefit to PIC in the security world: address space
randomization. Basically, if you can map your code to random locations
each time you start a process, most stack smashing security attacks
become infeasible, because the attacker generally has to have an
educated guess how to jump to, for example, the system() function.

If you want full address space randomization at runtime, foiling a
large class of security attacks, you can build your executables as PIC
... but the efficiency cost is high enough to be unpalatable. Which
brings us to PIE, position-independent executables. PIE provides
position independence without most of the cost of PIC. PIE only works
for executables, not shared libraries, so PIC is still used for the
latter.

Note, you still need an OS runtime that supports address space
randomization, in order for PIE to be of much practical benefit.

-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-01-29 21:51:28 CET

This is an archived mail posted to the Subversion Dev mailing list.