[OSGeoLive] reg GDAL with ASLR build binaries

Jim Klassen jklassen at sharedgeo.org
Wed Aug 5 12:51:13 PDT 2020 

Are you sure you need to supply those flags at all?  Are you using a recent enough Linux Distribution?  I haven't build GDAL 2.3 in a long time (it is very old), I suppose it is possible it is doing something strange disabling PIE in the build system.

My build of GDAL 3.1 on Debian 10 built PIE executable by default (without me specifying any special compiler options).

For my GDAL 3.1 build:
$ readelf -l gdalinfo

Elf file type is DYN (Shared object file)
...



It looks like gcc/g++ in Debian 10 default to building PIE.  I'd expect similar vintage Ubuntu derivatives would do the same:

$ cat a.c
int main() { return 0; }
$ gcc a.c
$ file a.out
a.out: ELF 64-bit LSB *pie executable*, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=fde557ade69c32cd2554ee888bc892175ae86867, not stripped
$ readelf -l a.out

Elf file type is DYN (Shared object file)
...



On 8/5/20 9:55 AM, Brian M Hamlin wrote:
>
> Hi Kavitha -
>
>   In general, specialized security work is outside of the scope of the /educational mission/ at OSGeoLive project.
>
> ASLR is a security layer ?  from Google search..
>
> "Address Space Layout Randomization (*ASLR*) is a computer security technique which involves randomly positioning the base address of an executable and the position of libraries, heap, and stack, in a process's address space"
>
> Security is a concern at OSGeoLive, but not the primary concern. If you seek direct consulting hours, please consider a time+money budget to bring in additional skillsets.
>
> If you find a solution, please do not hesitate to share the results with the GDAL project and Ubuntu upstream, for better specialized security in the future.
>
>   others may have different resources for you on this topic
>   best regards  --Brian
>
>
> On 8/5/20 7:32 AM, Kavitha K wrote:
>> Hi All,
>>  We are trying to compile the gdal 2.3.2 source with ASLR . But we are seeing the
>>  Elf file type as EXEC (Executable file) instead DYN.
>>
>>  Please help us whether gdal build is supported the compilation with "-Fpie -pie -fPIC".
>>
>>  Steps which we followed:
>>
>>  cp gdalDevKits/gdal-2.3.2.tar.gz .
>>
>>  tar -xvf gdal-2.3.2.tar.gz
>>
>>  cd gdal-2.3.2
>>
>>  env CFLAGS="-Fpie -pie -fPIC" ./configure
>>
>>  make install
>>
>>  cd /usr/local/bin
>>
>>  readelf -l gdaltransform
>>
>>  Elf file type is EXEC (Executable file)
>>
>>  Entry point 0x40
>> Thanks,
>> Kavitha
>>
>> _______________________________________________
>> osgeolive mailing list
>> osgeolive at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/osgeolive
>
> _______________________________________________
> osgeolive mailing list
> osgeolive at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/osgeolive

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/osgeolive/attachments/20200805/66f1cc85/attachment.html>

More information about the osgeolive mailing list