[guardian-dev] Confused by Android-L PIE
David Brodsky
davidpbrodsky at gmail.com
Thu Nov 6 15:39:04 EST 2014
> So, does that mean the PIE setting only affected executables and not
libraries, perhaps?
This is indeed the case. From the 5.0 security notes.
<http://source.android.com/devices/tech/security/enhancements50.html>:
"Android now requires all dynamically linked executables to support PIE
(position-independent executables)."
On Thu Nov 06 2014 at 11:26:33 AM Nick Parker <nparker at zetetic.net> wrote:
> Hi Nathan,
>
> For what its worth, running the latest SQLCipher for Android (3.2.0)
> library on the Android L preview emulator executing the test suite is
> entirely successful. I had previously submitted a screenshot of this to
> this thread however the message was not posted.
>
> On 11/6/14 1:09 PM, Nathan of Guardian wrote:
> > I finally updated my Nexus 7 to use the latest Android L/5.0 developer
> > preview ROMs
> >
> > I've updated Orbot's Makefile to support a simple command line arg for
> > enabling PIE or not:
> > https://github.com/n8fr8/orbot/commit/7f50f79b0e3ebbb0dd97845445dbb6
> 93f3fd541c
> >
> > For PIE-enabled/Android-16 binaries:
> >> make polipo PIEFLAGS="-fPIE -pie" NDK_PLATFORM_LEVEL="16"
> >
> > For non-PIE/Android-9 through 15 binaries:
> >> make polipo PIEFLAGS="" NDK_PLATFORM_LEVEL="9"
> >
> > I can verify that if I try to run the non-PIE binaries on L, they do not
> > work.
> >
> > Now, when I decided to install Courier (securereader) and ChatSecure
> > from the Google Play store existing versions, they both installed and
> > executed perfectly. They both contain native code, but they are used as
> > shared libraries and not command line executables like with Orbot.
> >
> > So, does that mean the PIE setting only affected executables and not
> > libraries, perhaps?
> >
> >
>
> --
> Nick Parker
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/
> davidpbrodsky%40gmail.com
>
> You are subscribed as: davidpbrodsky at gmail.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20141106/b30ae950/attachment.html>
More information about the Guardian-dev
mailing list