On Sat, 2007-11-03 at 23:00 -0500, Brian Kroth wrote:
> >> based on the maps files, both cactid and nagios are PIEs. two questions:
> >> are they the only PIEs on this system (that regularly run, that is) and
> >> do you have PIEs on the other systems that don't show the symptomps?
> > 
> > I'm using the hardened/x86/2.6 profile which enables the pic use flag. 
> > Here's where my understanding gets hazy.  PIC != PIE, but the two are 
> > related in that PIC creates position independent code, but not for 
> > executables?  Anyways, how would I check?

file, scanelf, readelf..

> 
> Reading some wikipedia on this now to try and understand it a little 
> better, but it didn't give me any insight as to how to read the maps 
> file to determine whether or not it was a pie.
> 
> I re-emerged cacti-cactid and did not see pic or pie in the output at 
> all.  Is that just enabled by default by the compiler?  It looks like it.

The profile auto enables USE=hardened on gcc which would result in a 
compiler that will generate position independent executable with ssp 
enabled by default. The 'pic' flag is only used in the tree to enable 
alternative position independent versions of hand written assembly in a
few packages or work around other non pic code that we would prefer to
be pic otherwise in pkgs.

gcc-config gives you the option of switching to various combinations of 
these flags enabled by the hardened compiler using spec files.

For userland debugging it's usually best to switch to the gcc specs to 
the ones labeled 'vanilla and recompile the programs in question with a 
command like 
bash# gcc-config i686-pc-linux-gnu-3.4.6-vanilla
bash# . /etc/profile ; . ~/.bash_profile

See also
http://www.gentoo.org/proj/en/qa/backtraces.xml
http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml

-- 
[EMAIL PROTECTED] mailing list

Reply via email to