Received: from mx1.tetrasec.net (mx1.tetrasec.net [66.245.176.36]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id E1BE4782BF6 for <~alpine/users@lists.alpinelinux.org>; Mon, 30 Mar 2020 10:29:34 +0000 (UTC) Received: from mx1.tetrasec.net (mail.local [127.0.0.1]) by mx1.tetrasec.net (Postfix) with ESMTP id 4AC7F6492F; Mon, 30 Mar 2020 10:29:34 +0000 (UTC) Received: from ncopa-desktop.copa.dup.pw (67.63.200.37.customer.cdi.no [37.200.63.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: alpine@tanael.org) by mx1.tetrasec.net (Postfix) with ESMTPSA id 7C26C6492E; Mon, 30 Mar 2020 10:29:32 +0000 (UTC) Date: Mon, 30 Mar 2020 12:29:28 +0200 From: Natanael Copa To: Wolf Cc: Henrik Holst , ~alpine/users@lists.alpinelinux.org Subject: Re: tini-static dynamically linked Message-ID: <20200330122928.4ff7860c@ncopa-desktop.copa.dup.pw> In-Reply-To: <20200329134313.avejs4adn2r7eh35@wolfsden.cz> References: <20200327161918.4aedc0ca@ncopa-desktop.copa.dup.pw> <20200329134313.avejs4adn2r7eh35@wolfsden.cz> X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-alpine-linux-musl) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sun, 29 Mar 2020 15:43:13 +0200 Wolf wrote: > Hello, > > On 2020-03-27 16:19:18 +0100, Natanael Copa wrote: > > The benefit with linking it as PIE (position independent executable) is > > that it give full address space layout randomization (ASLR), even if it > > is linked statically. > > > > Side effect is that is marked as ET_DYN in the elf header and looks > > like a dynamically linked executable. > > but at the same time, since it "links" against the ld-musl > > /a # gcc -static -pie -o test test.c > /a # ldd test > /lib/ld-musl-x86_64.so.1 (0x7f63e4bc1000) > > such binary is not portable to non-musl systems correct? And if I want > to achieve that, I need to compile with -no-pie flag? > > Is my understanding correct? No. It is a real statically linked PIE binary and it works on non-musl systems: ncopa-desktop:~/tmp/tini$ cat Dockerfile FROM debian RUN apt-get update -y && apt-get install -y curl procps \ && curl http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/tini-static-0.18.0-r0.apk | tar -zx sbin/tini-static ncopa-desktop:~/tmp/tini$ docker build -t tini-test . ... Successfully tagged tini-test:latest ncopa-desktop:~/tmp/tini$ docker run --rm tini-test /sbin/tini-static ps xa PID TTY STAT TIME COMMAND 1 ? Ss 0:00 /sbin/tini-static ps xa 6 ? R 0:00 ps xa ncopa-desktop:~/tmp/tini$ -nc