位置独立的可执行和Android棒棒糖 [英] Position Independent Executables and Android Lollipop
问题描述
我已经写了.c的源代码code(在ecllipse),这是使用的libcap库来获得网络流量相关的信息。现在,我已经创建了一个可执行的二进制使用NDK建造的ecllipse。我已经推动了创建的二进制中的库/ armeabi文件夹到我的机器人(根纽带5,Lollypop)的/数据/本地/文件夹,并试图执行二进制。但Android是引发此错误
错误:只与位置无关的可执行文件(PIE)的支持
我不知道PIE什么,请告诉我如何创建一个位置无关的可执行文件。
我不知道PIE什么,请告诉我如何创建一个位置无关的可执行文件。
位置无关可执行文件或PIE允许程序要搬迁,就像一个共享对象。在程序的每个运行,该程序可以在不同的地址被加载,使其更难攻击者猜到某个程序状态。
您可以编译和两种方式之一链接PIE可执行文件。首先,编译一切与 -fPIE 和链接 -pie 。第二个是编译一切与 -fPIC 和链接 -pie 。
如果你正在建设既是一个共享对象和程序,然后编译一切与 -fPIC 。与 -shared 链接共享对象,并使用 -pie 链接程序。
您不能做它的其他方式。也就是说,你不能编译一切与 -fPIE ,并建立一个双方共享对象和程序。有关详细信息,请参见 code生成选项在GCC手册。
有一件事情在Android上注意:4.1之前建设有PIE会导致段错误的 /系统/斌/连接器。 PIE溶液中加入的Android 4.1,而且它崩溃较小版本。
有人告诉我提供一个自定义链接/装载器来避免这个问题,但我找不到此刻的参考。
另请参见安全增强功能的Android 1.5至4.1 。
错误:只与位置无关的可执行文件(PIE)的支持
是的,这是一个棒棒糖功能。请参见安全增强功能的Android 5.0 。
您可以检查是否有计划建立使用PIE readelf :
$ readelf -l我-PROG | grep的-i文件类型
精灵文件类型是DYN(共享对象文件)
最重要的部分是 readelf 是报告的的 DYN 的,不报的的 EXE 的。 EXE 意味着它缺少PIE,这应该引发与安全有关的缺陷。
相关信息,请参阅是PIE(位置无关的可执行文件)中的Android 4.0(ICS)的支持主要的可执行文件?
I have written a .c source code(in ecllipse) which is using libcap library to get information related to network traffic. Now i have created an executable binary by using ndk-build in ecllipse. I have pushed the created binary in libs/armeabi folder to /data/local/ folder of my android(rooted nexus 5, Lollypop) and tried to execute the binary. but android is throwing this error
Error: only position independent executables (PIE) are supported
I don't know anything about PIE, Please tell me how to create a position independent executable.
I don't know anything about PIE, Please tell me how to create a position independent executable.
Position Independent Executable or PIE allows a program to be relocated, just like a shared object. At each run of the program, the program can be loaded at different addresses to make it harder for an attacker to guess certain program state.
You can compile and link a PIE executable in one of two ways. First, compile everything with -fPIE and link with -pie. The second is to compile everything with -fPIC and link with -pie.
If you are building both a shared object and a program, then compile everything with -fPIC. Link the shared object with -shared, and link the program with -pie.
You cannot do it the other way. That is, you cannot compile everything with -fPIE and build both a shared object and a program. For the details, see Code Generation Options in the GCC manual.
One thing to watch out for on Android: building with PIE prior to 4.1 will cause a segmentation fault in /system/bin/linker. PIE was added at Android 4.1, and it crashes lesser versions.
Someone told me to supply a custom link/loader to avoid the problem, but I can't find the reference at the moment.
Also see Security Enhancements in Android 1.5 through 4.1.
Error: only position independent executables (PIE) are supported
Yes, that's a Lollipop feature. See Security Enhancements in Android 5.0.
You can check if a program is built with PIE using readelf:
$ readelf -l my-prog | grep -i "file type"
Elf filetype is DYN (shared object file)
The important part is readelf is reporting DYN, and not reporting EXE. EXE means it lacks PIE, and that should trigger a security related defect.
Related, see Is PIE (Position-independent executable) for main executables supported in Android 4.0 (ICS)?
这篇关于位置独立的可执行和Android棒棒糖的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
