<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="xmsonormal" style="background:white">Hello,<o:p></o:p></p>
<p class="xmsonormal" style="background:white">After introduction 5.34 file version, we have problem with rpmbuild functionality, where rpmbuild scripts as example [2] are dependent on file command output. Problem is identical to reported issue
<a href="https://bugs.astron.com/view.php?id=28">https://bugs.astron.com/view.php?id=28</a>. “0000028: file reports a dynamically linked library as ELF 32-bit LSB pie executable instead of ELF 32-bit LSB shared object”. Which was closed as not relevant.<o:p></o:p></p>
<p class="xmsonormal" style="background:white">Currently with 5.34 version. Shared libraries with executable permissions are identified as LSB pie executable irrespectively if PIE flag was used or not during compilation. Unfortunately executable permission
is set by gcc. And historically shared libraries exec permission was required by some systems. As suggested, problem can be workaround by build scripts, but it will required big effort. <o:p></o:p></p>
<p class="xmsonormal" style="background:white">I would say that that PIE shared executable, should be compiled as position independent executable. And not only have executable permission. Good reference could be hardening-check script (included in hardening-check
fedora package), where similar checks is done. <o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Please see following example program outputs. Do you think that with provided evidence I can fill new bug issue or original issue can be re-opened?<o:p></o:p></span></p>
<p class="xmsonormal" style="background:white"><o:p> </o:p></p>
<p class="xmsonormal" style="background:white">Example outputs from Fedora29 (file v5.34).<o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Test program code [1].</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Standard library not compiled as PIE.</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">$ gcc -shared datafiles/f1.c -o test.so && file test.so
</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2e098dfec88651f7d8e1a9b659e1d73fd8abce03, not stripped</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">$ hardening-check test.so | head -n 2</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so:</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Position Independent Executable: no, regular shared library (ignored)</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">$ gcc -shared -Fpie -pie datafiles/f1.c -o test.so && file test.so</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=f4d2decbc89da2648e54d2958d572fee60b2cf3d,
not stripped</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">$ hardening-check test.so | head -n 2</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so:</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Position Independent Executable: yes</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">This is expected output.</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">By adding linker option ‘now’, file functionality is influence that it’s not detecting PIE executable anymore. Even for libraries compiled/linked as PIE.</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">gcc -shared -Wl,-z,now datafiles/f1.c -o test.so && file test.so</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dc022a605852672357cc32be98e4d315750f4c9b, not stripped</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">hardening-check test.so | head -n 2</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so:</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Position Independent Executable: no, regular shared library (ignored)</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">gcc -shared -Fpie -pie -Wl,-z,now datafiles/f1.c -o test.so && file test.so</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=959009df7fb77261e7ad04435e711a1d0aaeb319,
not stripped</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">hardening-check test.so | head -n 2</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">test.so:</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">Position Independent Executable: yes</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"><o:p> </o:p></span></p>
<p class="xmsonormal" style="background:white">With Regards Petr Hruska<o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"> </span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">[1]<o:p></o:p></span></p>
<p class="xmsonormal" style="background:white"><span style="font-size:12.0pt">The test program is based on LTP file:</span><span style="color:windowtext"><o:p></o:p></span></p>
<p class="xmsonormal" style="background:white"><span style="font-size:12.0pt"><a href="https://github.com/linux-test-project/ltp/blob/master/testcases/commands/ld/datafiles/f1.c">https://github.com/linux-test-project/ltp/blob/master/testcases/commands/ld/datafiles/f1.c</a></span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">$ cat datafiles/f1.c</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">void f1(void)</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">{</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"> int i = 69;</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"> i = i;</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"> return;</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">}</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">int main()</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">{</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"> f1();</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext"> return 0;</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">}</span><o:p></o:p></p>
<p class="xmsonormal" style="background:white"><span style="color:windowtext">There test was failing and following workaround was added.<o:p></o:p></span></p>
<p class="xmsonormal" style="background:white"><span style="font-size:12.0pt"><a href="https://github.com/linux-test-project/ltp/commit/3da72141d1dbd1eba35b0b3ccc4de36319d29b6d">https://github.com/linux-test-project/ltp/commit/3da72141d1dbd1eba35b0b3ccc4de36319d29b6d</a></span><span style="color:windowtext"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">[2]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Script which is dependent on file output in rpmbuild<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><a href="https://github.com/rpm-software-management/rpm/blob/master/scripts/brp-strip">https://github.com/rpm-software-management/rpm/blob/master/scripts/brp-strip</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
</div>
</body>
</html>