1 (edited by ahn.woosuk 2016-11-03 01:18:01)

Topic: wolfssl -fPIC option

Hello,

I made a libwolfssl.so file on qnx660 with the -fPIC option as below.

./configure --host=arm-unknown-nto-qnx6.6.0eabi CFLAGS="-fPIC -fstack-protector -DWOLFSSL_STATIC_RSA -DWOLFSSL_HAVE_MAX -DWOLFSSL_HAVE_MIN" --enable-opensslextra --enable-fortress --enable-aesgcm=table --enable-ecc --enable-eccencrypt --enable-tlsx --enable-hkdf --enable-sha512

To check the fPIC option in the .so file, I tried the hardening-check libwolfssl.so command on Ubuntu.
But it looks like the library is not built with -fPIC. I don't understand why PIE is not set.
And I want to know how to check a .so file for the PIC option.
Please help me.

>hardening-check libwolfssl.so

libwolfssl.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: no, not found!
Immediate binding: no, not found!


2 (edited by Kaleb J. Himes 2016-11-03 15:40:27)

Re: wolfssl -fPIC option

Hi ahn.woosuk,

Notice in the item you pointed to:

"Position Independent Executable: no, regular shared library (ignored)"

You have compiled the ELF library (this is a shared library) but you have not created an ELF executable. If my understanding of the hardening-check tool is correct, the check you pointed to is for checking an ELF binary or ELF executable. So to perform this check you would want to compile an application that links against the wolfSSL library and see if the result is a position independent executable.

For example this application here is not a position independent executable. The report should say "no, normal executable!" for a valid check, not "no, regular shared library (ignored)". The "ignored" is trying to tell you the check for position independent executable was an invalid check on this item.

hardening-check test.axf 
test.axf:
 Position Independent Executable: no, normal executable!
 Stack protected: no, not found!
 Fortify Source functions: unknown, no protectable libc functions used
 Read-only relocations: no, not found!
 Immediate binding: no, not found!

Out of curiosity, have you done this check before on a compiled library other than wolfSSL and seen other results?


Regards,

Kaleb
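
An added example, not part of either post and not wolfSSL or hardening-check code: one way to answer the "how do I check a .so for PIC" question is to read the ELF dynamic section and look for the text-relocation markers (DT_TEXTREL, or DF_TEXTREL in DT_FLAGS) that a linker emits when non-PIC objects end up in a shared object. It assumes that the absence of those markers on an ET_DYN file is the indicator of PIC code; `pic_report` and `sample_elf32` are hypothetical names, and the sample ELF image is constructed.

```python
import struct
import sys

ET_NAMES = {2: "ET_EXEC", 3: "ET_DYN"}   # e_type values from the ELF spec
PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def pic_report(data):
    """Return the ELF type and whether the dynamic section flags text relocations."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little endian
    e_type, = struct.unpack_from(e + "H", data, 16)
    if is64:
        phoff, = struct.unpack_from(e + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 54)
    else:
        phoff, = struct.unpack_from(e + "I", data, 28)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 42)
    textrel = False
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(e + "I", data, ph)[0] != PT_DYNAMIC:
            continue
        # p_offset and p_filesz sit at different offsets in ELF32 and ELF64
        if is64:
            off, size = (struct.unpack_from(e + "Q", data, ph + o)[0] for o in (8, 32))
        else:
            off, size = (struct.unpack_from(e + "I", data, ph + o)[0] for o in (4, 16))
        fmt = e + ("qQ" if is64 else "iI")    # d_tag (signed), d_val
        size -= size % struct.calcsize(fmt)
        for tag, val in struct.iter_unpack(fmt, data[off:off + size]):
            if tag == DT_NULL:
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                textrel = True
    return {"elf_type": ET_NAMES.get(e_type, hex(e_type)), "textrel": textrel}

def sample_elf32(e_type, dyn_tags):
    """Constructed test input: minimal little-endian ELF32 (EM_ARM) with one PT_DYNAMIC."""
    dyn = b"".join(struct.pack("<iI", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", e_type, 40, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_DYNAMIC, 84, 0, 0, len(dyn), len(dyn), 6, 4)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf32(3, [])
    print(pic_report(blob))   # textrel False on an ET_DYN file is consistent with -fPIC
```

Run it with the path to libwolfssl.so as the only argument; the same markers are visible in the output of `readelf -d`.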