On 2011-05-11, Kevin Fenzi kevin@scrye.com wrote:
- #563 suggested policy: all daemons must set RELRO and PIE flags (nirik, 17:35:15)
- AGREED: will enable them both by default in rawhide and see if we run into issues. (nirik, 17:39:26)
Hm, right now I found a problem caused by enabling PIE in an application. It's about edquota segfaulting in nss_db (bug #703567):
edquota has a global non-static variable `dirname'. edquota calls libc getpwnam(), getpwnam dlopens nss_db, nss_db calls libc dirname(). But because edquota is PIE, the dirname symbol is made dynamic and visible in the symbol table. Then the dynamic linker prefers dirname from edquota and nss_db jumps to the address of the edquota dirname variable. Ooops.
One could say mark all global objects and functions as static. But this is a lot of code to change and there still remain symbols that must be made accessible from other object files. I guess dynamic linking with PIE executables will pollute the name space outrageously.
-- Petr
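
A check for the collision described in the message above, as an added example that is not part of the original post: it parses `readelf --dyn-syms -W` output for an executable and for a library and reports every name that both define and export. The two symbol tables are constructed sample data, and the function names `exported` and `collisions` are hypothetical.

```python
import re

# One row of `readelf --dyn-syms -W`: Num: Value Size Type Bind Vis Ndx Name
ROW = re.compile(
    r"^\s*\d+:\s+[0-9a-fA-F]+\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def exported(readelf_text):
    """Return {name: type} for symbols the object defines and exports."""
    syms = {}
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or the nameless entry 0
        typ, bind, vis, ndx, name = m.groups()
        if ndx == "UND" or bind not in ("GLOBAL", "WEAK"):
            continue  # imports and local symbols cannot interpose
        if vis in ("HIDDEN", "INTERNAL"):
            continue  # not visible to other loaded objects
        syms[name.split("@")[0]] = typ  # drop @VERSION / @@VERSION
    return syms

def collisions(exe_text, lib_text):
    """Names exported by both, as (name, exe_type, lib_type), sorted."""
    exe, lib = exported(exe_text), exported(lib_text)
    return sorted((n, exe[n], lib[n]) for n in exe.keys() & lib.keys())

# Constructed sample output (addresses and section indexes are made up).
EXE = """\
Symbol table '.dynsym' contains 5 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getpwnam@GLIBC_2.2.5 (2)
     2: 0000000000204060     8 OBJECT  GLOBAL DEFAULT   25 dirname
     3: 0000000000204068     8 OBJECT  GLOBAL DEFAULT   25 progname
     4: 0000000000001a30   412 FUNC    GLOBAL DEFAULT   13 main
"""
LIBC = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
   101: 000000000008a3b0   150 FUNC    GLOBAL DEFAULT   13 dirname@@GLIBC_2.2.5
   102: 00000000000c1f40   210 FUNC    GLOBAL DEFAULT   13 getpwnam@@GLIBC_2.2.5
   103: 000000000008a450    48 FUNC    WEAK   DEFAULT   13 basename@@GLIBC_2.2.5
"""

if __name__ == "__main__":
    for name, exe_type, lib_type in collisions(EXE, LIBC):
        kind = "type mismatch" if exe_type != lib_type else "same type"
        print(f"{name}: executable {exe_type} vs library {lib_type} ({kind})")
```

An OBJECT in the executable colliding with a FUNC in the library is the edquota case: a call resolved to that name lands on data.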