9 Jun
2016
9 Jun
'16
9:10 p.m.
Hello,
On Thu, 9 Jun 2016 23:01:30 +0200, Waldemar Brodkorb wrote:
flannel is written in Go, so it's always built statically. So even when
a dynamically-linked capable toolchain is used (which provides
Scrt1.o), flannel is built as a static binary. Why would it work in
this case, and not a fully static toolchain ?
It would be
good if you could investigate why uClibc doesn't produce
Scrt1.o when HAVE_SHARED is disabled.
At the moment Scrt1.o is only build under following condition:
ifeq ($(HAVE_SHARED)$(UCLIBC_FORMAT_SHARED_FLAT),y)
I tried to compile a simple hello world as static PIE for ARM and
this is not really straight forward. You need at least binutils 2.26
to use -W,--no-dynamic-linker otherwise PT_INTERP is added to the
resulting executable. After that I tried to run it in Qemu (system
and user level tried) and the binary fails to execute with a
segmentation fault.
So even if we add Scrt1.o somehow to the toolchains, the binaries
will not work on the target. Scrt1.o is just PIC version of crt1.c.
So the PIC assembly in uClibc-ng might be just broken.
Is it really required for flannel to work to use static PIE? In my point of view it is some kind of security
feature used on
Linux together with address space layout randomization.
I don't know flannel, but security related software as OpenSSH
does allow to build with and without PIE.
I agree that PIE should be optional, but I'm not sure if it's flannel
itself that decides to be built with PIE, or just the whole Go stuff.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com