[grsec] PaX

pageexec at freemail.hu
Thu May 5 10:53:22 EDT 2005


> I am using Debian Sid with Vanilla 2.6.11.7-grsec
> 
> Is it possible to compile a Position Independent Executable on Debian?

it's possible by using the proper gcc/binutils versions, however
automation is another issue (e.g., changing CFLAGS/LDFLAGS is not
enough for every package, and then you'll have to pay attention to
statically linked libraries which must be PIE too if linked into
a PIE, PIC if linked into a shared library and non-PIE/non-PIC
otherwise, quite messy). you're best off by using a distro that
explicitly supports PIE.

> Should I replace my gcc for this? To what?
> Are there gcc and binutils debian packages somewhere that support
> "-fpie" and "-fPIE" options?

i think all gcc 3.3+ versions support PIE, for ld/binutils it's
something like 2.14.90.0.6+ or so (anything since last autumn, iirc).

> Are there enough things here for this issue? (I don't think so):
> http://www.grsecurity.net/debian/dists/unstable/main/binary-i386/
> Should I use Gentoo?

i don't know where debian stands at the moment (there was a hardened
debian initiative a few months ago, no idea where it stands), however
adamantix (debian based, http://adamantix.org/) has existed for 2
years now and has a PIE userland (not grsecurity though). if you don't
have to stick to debian then the best option is hardened gentoo:
http://www.gentoo.org/proj/en/hardened/ .
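
Added example, not part of the original post: since changing CFLAGS/LDFLAGS does not take effect in every package, a build can be audited by reading each binary's ELF header and checking whether it actually came out as a PIE. The function names and the sample images are constructed for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3

def classify_elf(data):
    """Return 'non-pie', 'pie', 'shared-object' or 'other' for an ELF image."""
    if (len(data) < 52 or data[:4] != b"\x7fELF"
            or data[4] not in (1, 2) or data[5] not in (1, 2)):
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if is64:
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    p_types = set()
    for i in range(e_phnum):                 # p_type is the first word of each entry
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program headers")
        p_types.add(struct.unpack_from(end + "I", data, off)[0])
    if e_type == ET_EXEC:
        return "non-pie"                     # fixed load address
    if e_type == ET_DYN:
        # Heuristic: a dynamically linked PIE requests an interpreter (PT_INTERP),
        # an ordinary shared library does not.
        return "pie" if PT_INTERP in p_types else "shared-object"
    return "other"

def make_sample(e_type, p_types):
    """Constructed headers-only ELF32 little-endian image (sample input, not a real binary)."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 52, 0, 0,
                              52, 32, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, 0, 0) for t in p_types)

if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. every file under a package's bin/
        with open(path, "rb") as f:
            print(path, classify_elf(f.read()))
```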
