Bug 2730

Summary: RFE: Add gcc's position independent executable (-fPIE) support to tree
Product: xorg
Reporter: Mike A. Harris <mharris>
Component: * Other
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED WONTFIX
QA Contact:
Severity: enhancement
Priority: high
CC: dberkholz, gajownik, roland.mainz
Version: git
Hardware: x86 (IA32)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:
Bug Depends on:
Bug Blocks: 6666

Description Mike A. Harris 2005-03-14 19:44:01 UTC
Modern versions of the gcc compiler are able to build position independent
executables on Linux (and possibly other) platforms.  Position independent
executables (PIEs) provide additional security benefits against software
based attacks on known vulnerabilities, by randomizing the address locations
of the executable code.  This helps to greatly reduce the likelihood of
a malicious attacker successfully exploiting a known security vulnerability.

PIE support pays a slight performance cost, however, and the decision to
use it for a given application or not depends on how critical the performance
of the application is, and how great the performance cost is when the app
is built as a PIE.

Applications which are network facing servers are prime candidates for
optionally being built as PIEs, as are network clients and SUID apps.

Several applications included in Xorg packaging are daemons
or SUID apps, which can benefit from being built with PIE
support.

This bug is a tracker bug to track PIE requests for enhancement
in X.Org X11.
Comment 1 Mike A. Harris 2005-03-14 19:45:59 UTC
Here is a link to some documentation on PIE, which may be useful to whoever
takes up this task:

http://people.redhat.com/drepper/nonselsec.pdf
Comment 2 Mike A. Harris 2005-03-14 19:52:08 UTC
When implementing PIE support, it would be nice to be able to choose
which apps should get PIE, and which should not get PIE.  If there is
measurable performance loss in the X server with PIE for example, then
it might be best to default the X server to non-PIE and let the builder
override the defaults for a particular application.

Here are the applications I think would benefit the most from PIE support:

        /usr/X11R6/bin/Xorg
        /usr/X11R6/bin/Xprt
        /usr/X11R6/bin/xdm
        /usr/X11R6/bin/xfs
        /usr/X11R6/bin/Xnest
        /usr/X11R6/bin/Xvfb

Having a generic PIE flag, enabled by imake by default if the system gcc
supports PIE, and then individual boolean PIE flags for each app might
make the most sense.

i.e.:
    HasGccWithPie  YES

causes the following to be set:

    BuildXorgWithPIE NO
    BuildXprtWithPIE YES
    BuildXfsWithPIE YES

etc.

Then you can take the defaults, or override a particular executable to
be non-PIE if desired, etc.

Just some implementation thoughts...
Comment 3 Alan Coopersmith 2005-10-02 18:44:37 UTC
This should be much easier in the modular tree, where you can add it to
configure.ac for only those programs it's worthwhile to use it in.
Comment 4 Adam Jackson 2005-11-22 03:23:13 UTC
aiming this at 7.1.  but this should really be trivial with autotools, no?
Comment 5 Adam Jackson 2006-04-15 08:23:16 UTC
probably not going to make 7.1, counts as a feature at this point.
Comment 6 Adam Jackson 2006-04-25 05:37:59 UTC
(In reply to comment #5)
> probably not going to make 7.1, counts as a feature at this point.

Feature, moving to 7.2.
Comment 7 Mike A. Harris 2006-08-31 07:20:19 UTC
No longer interested in tracking this feature, closing...
