Archive for October, 2014

No PIE for you!

You are a software vendor. You distribute software on multiple operating systems. Let's say your software is a mildly popular internet browser. Let's say its logo represents an animal and a globe.

Now, because you care about the security of your users, let's say you would like the entire address space of your application to be randomized, including the main executable portion of it. That would be neat, wouldn't it? And there's even a feature for that: Position independent executables.

You get that working on (almost) all the operating systems you distribute software on. Great.

Then a Gnome user (or an Ubuntu user, for that matter) comes, and tells you they downloaded your software tarball, unpacked it, and tried opening your software, but all they get is a dialog telling them:

Could not display "application-name"
There is no application installed for "shared library" files

Because, you see, a Position independent executable, in ELF terms, is actually a (position independent) shared library that happens to be executable, instead of being an executable that happens to be position independent.

And nautilus (the file manager in Gnome and Ubuntu's Unity) usefully knows to distinguish between executables and shared libraries. And will happily refuse to execute shared libraries, even when they have the file-system-level executable bit set.

You'd think you can get around this by using a .desktop file, but the Exec field in those files requires a full path. (No, ./ doesn't work unless the executable is in the nautilus process current working directory, as in, the path nautilus was run from)

Dear lazyweb, please prove me wrong and tell me there's a way around this.

2014-10-03 18:00:03+0900

p.d.o, p.m.o | 8 Comments »