mobile-shell/mosh

Investigate -pie vs -Wl,-pie on OS X

Open

#273 opened on May 15, 2012

View on GitHub
 (0 comments) (0 reactions) (0 assignees)C++ (12,063 stars) (737 forks)batch import
OS Xbuggood first issuesecurity

Description

[from a blog comment]

I believe for Mac OS X you need to use -Wl,-pie even with gcc. If you use gcc -v when linking on Mac OS X you won't see -pie being passed to the linker. Here's the output of otool -h on an executable built with -pie in LDFLAGS on Mac OS X 10.6:

Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 11 1776 0x00000085

Compare that to one built with -Wl,-pie

Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 11 1776 0x00200085

In /usr/include/mach-o/loader.h we find this:

#define MH_PIE 0x200000 /* When this bit is set, the OS will
load the main executable at a
random address. Only used in
MH_EXECUTE filetypes. */

Contributor guide

Tech stack
ccppshell
Domain
build systemsecurity
Issue type
research
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Familiarity with C/C++ compilationKnowledge of linker flagsAccess to macOS systemBasic understanding of Mach O format
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
40
Research direction
Investigate the current build system (likely autotools or CMake) to see how pie is currently passed. On macOS, test with both pie and Wl, pie and compare the resulting Mach header using otool h. Then update the build configuration to use Wl, pie on macOS if needed. Ensure that the MH PIE flag is set in the resulting binary.