[File] v5.34 - Shared libraries detected as PIE executable

Hruska, Petr (Nokia - CZ/Prague) petr.hruska at nokia.com
Thu Jan 31 10:19:37 UTC 2019 

Hello,

After introduction 5.34 file version, we have problem with rpmbuild functionality, where rpmbuild scripts as example [2] are dependent on file command output. Problem is identical to reported issue https://bugs.astron.com/view.php?id=28. "0000028: file reports a dynamically linked library as ELF 32-bit LSB pie executable instead of ELF 32-bit LSB shared object". Which was closed as not relevant.

Currently with 5.34 version. Shared libraries with executable permissions are identified as  LSB pie executable irrespectively if PIE flag was used or not during compilation. Unfortunately executable permission is set by gcc. And historically shared libraries exec permission was required by some systems. As suggested, problem can be workaround by build scripts, but it will required big effort.

I would say that that PIE shared executable, should be compiled as position independent executable. And not only have executable permission. Good reference could be hardening-check script (included in hardening-check fedora package), where similar checks is done.

Please see following example program outputs. Do you think that with provided evidence I can fill new bug issue or original issue can be re-opened?



Example outputs from Fedora29 (file v5.34).

Test program code [1].

Standard library not compiled as PIE.

$ gcc -shared  datafiles/f1.c -o test.so && file test.so

test.so: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2e098dfec88651f7d8e1a9b659e1d73fd8abce03, not stripped

$ hardening-check test.so | head -n 2

test.so:

Position Independent Executable: no, regular shared library (ignored)

$ gcc -shared  -Fpie -pie datafiles/f1.c -o test.so && file test.so

test.so: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=f4d2decbc89da2648e54d2958d572fee60b2cf3d, not stripped

$ hardening-check test.so | head -n 2

test.so:

Position Independent Executable: yes

This is expected output.

By adding linker option 'now', file functionality is influence that it's not detecting PIE executable anymore. Even for libraries compiled/linked as PIE.

gcc -shared -Wl,-z,now datafiles/f1.c -o test.so && file test.so

test.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dc022a605852672357cc32be98e4d315750f4c9b, not stripped

hardening-check test.so | head -n 2

test.so:

Position Independent Executable: no, regular shared library (ignored)

gcc -shared  -Fpie -pie -Wl,-z,now datafiles/f1.c -o test.so && file test.so

test.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=959009df7fb77261e7ad04435e711a1d0aaeb319, not stripped

hardening-check test.so | head -n 2

test.so:

Position Independent Executable: yes



With Regards Petr Hruska



[1]

The test program is based on LTP file:

https://github.com/linux-test-project/ltp/blob/master/testcases/commands/ld/datafiles/f1.c

$ cat datafiles/f1.c

void f1(void)

{

        int i = 69;

        i = i;

        return;

}

int main()

{

                f1();

                return 0;

}

There test was failing and following workaround was added.

https://github.com/linux-test-project/ltp/commit/3da72141d1dbd1eba35b0b3ccc4de36319d29b6d

[2]
Script which is dependent on file output in rpmbuild
https://github.com/rpm-software-management/rpm/blob/master/scripts/brp-strip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.astron.com/pipermail/file/attachments/20190131/44c1395b/attachment.html>

More information about the File mailing list