[guardian-dev] Confused by Android-L PIE

Hans-Christoph Steiner hans at guardianproject.info
Fri Nov 7 05:29:20 EST 2014 

Oops, I missed that key detail on my initial assessment.  This is good news :)
Here's what the gcc man page says: "These options are similar to -fpic and
-fPIC, but generated position independent code can be only linked into
executables."

As for static linking as a way to get around the whole PIE thing, my guess is
that it won't work because the Android tools will still dynamically link to
the Android core libs (libc, etc).  If you can force everything to be
statically linked, then it -fPIE should be irrelevant.

.hc

Paul Gardner-Stephen wrote:
> Hello,
> 
> Correct, libraries are always position independent.  This is how we dealt
> with this problem in Serval Mesh, by only using servald as a library.
> 
> Paul.
> 
> On Fri, Nov 7, 2014 at 5:39 AM, Nathan of Guardian <
> nathan at guardianproject.info> wrote:
> 
>> I finally updated my Nexus 7 to use the latest Android L/5.0 developer
>> preview ROMs
>>
>> I've updated Orbot's Makefile to support a simple command line arg for
>> enabling PIE or not:
>>
>> https://github.com/n8fr8/orbot/commit/7f50f79b0e3ebbb0dd97845445dbb693f3fd541c
>>
>> For PIE-enabled/Android-16 binaries:
>>> make polipo PIEFLAGS="-fPIE -pie" NDK_PLATFORM_LEVEL="16"
>>
>> For non-PIE/Android-9 through 15 binaries:
>>> make polipo PIEFLAGS="" NDK_PLATFORM_LEVEL="9"
>>
>> I can verify that if I try to run the non-PIE binaries on L, they do not
>> work.
>>
>> Now, when I decided to install Courier (securereader) and ChatSecure
>> from the Google Play store existing versions, they both installed and
>> executed perfectly. They both contain native code, but they are used as
>> shared libraries and not command line executables like with Orbot.
>>
>> So, does that mean the PIE setting only affected executables and not
>> libraries, perhaps?
>>
>>
>> --
>>   Nathan of Guardian
>>   nathan at guardianproject.info
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit:
>> https://lists.mayfirst.org/mailman/options/guardian-dev/paul%40servalproject.org
>>
>> You are subscribed as: paul at servalproject.org
>>
> 
> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Guardian-dev mailing list