Hi,
I installed the tini-static package and I was surprised that file
reports it as a dynamically linked binary?
/opt/certbot # file /sbin/tini-static
/sbin/tini-static: ELF 64-bit LSB pie executable, x86-64, version 1
(SYSV), dynamically linked, stripped
Is this a bug? Seems to me it would be a bug that a static package is
dynamically linked even if just formally.
Thanks
Henrik Holst
On Fri, 27 Mar 2020 14:48:44 +0100
Henrik Holst <henrik.holst@omnimodular.com> wrote:
> Hi,
>
> I installed the tini-static package and I was surprised that file
> report it as a dynamically linked binary?
>
> /opt/certbot # file /sbin/tini-static
> /sbin/tini-static: ELF 64-bit LSB pie executable, x86-64, version 1
> (SYSV), dynamically linked, stripped
>
> Is this a bug? Seems to me it would be a bug that a static package is
> dynamically linked even if just formally.
>
> Thanks
> Henrik Holst
It is really statically linked, but it is linked as PIE:
$ readelf -d /sbin/tini-static
Dynamic section at offset 0xae70 contains 16 entries:
Tag Type Name/Value
0x000000000000000c (INIT) 0x1000
0x000000000000000d (FINI) 0x7a2e
0x000000006ffffef5 (GNU_HASH) 0x200
0x0000000000000005 (STRTAB) 0x4b0
0x0000000000000006 (SYMTAB) 0x2b8
0x000000000000000a (STRSZ) 193 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0xbfb0
0x0000000000000007 (RELA) 0x578
0x0000000000000008 (RELASZ) 1056 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x0000000000000018 (BIND_NOW)
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000006ffffff9 (RELACOUNT) 44
0x0000000000000000 (NULL) 0x0
As you see, it is not linked to anything (no (NEEDED)).
The benefit of linking it as PIE (position independent executable) is
that it gives full address space layout randomization (ASLR), even if it
is linked statically.
The side effect is that it is marked as ET_DYN in the ELF header and looks
like a dynamically linked executable.
-nc
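Added example (not part of the original thread, and not Alpine's or tini's code): a Python classifier for the distinction explained above. It calls an ELF64 little-endian executable dynamically linked only if it has a PT_INTERP segment or a DT_NEEDED entry, so ET_DYN with neither is reported as static PIE; build_sample is a hypothetical helper that constructs header-only test images.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_NEEDED, DT_FLAGS_1 = 0, 1, 0x6FFFFFFB
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"  # ELF64 LE layouts

def classify(image: bytes) -> str:
    """Return 'static', 'static-pie' or 'dynamic' for an ELF64 LE image."""
    hdr = struct.unpack_from(EHDR, image)
    ident, e_type, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[1], hdr[5], hdr[9], hdr[10]
    if ident[:4] != b"\x7fELF" or ident[4:6] != b"\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    has_interp, needed = False, 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            PHDR, image, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:          # kernel must load a dynamic linker
            has_interp = True
        elif p_type == PT_DYNAMIC:       # present in static PIE too (relocations)
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, _ = struct.unpack_from(DYN, image, off)
                if tag == DT_NULL:
                    break
                needed += tag == DT_NEEDED   # a shared-library dependency
    if has_interp or needed:
        return "dynamic"
    # ET_DYN with no interpreter and no NEEDED: static PIE. A dependency-free
    # shared object has the same shape, so apply this to executables only.
    return "static-pie" if e_type == ET_DYN else "static"

def build_sample(e_type, ptypes, dyn_tags=()):
    """Hypothetical helper: constructed header-only ELF64 image (not runnable)."""
    dyn = b"".join(struct.pack(DYN, t, 0) for t in (*dyn_tags, DT_NULL))
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01", e_type, 62, 1, 0, 64, 0, 0,
                       64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(
        struct.pack(PHDR, t, 4, 64 + 56 * len(ptypes), 0, 0,
                    len(dyn) if t == PT_DYNAMIC else 0, 0, 8) for t in ptypes)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    if len(sys.argv) > 1:                # classify a real file
        print(classify(open(sys.argv[1], "rb").read()))
    else:                                # constructed samples
        print(classify(build_sample(ET_DYN, [PT_DYNAMIC], [DT_FLAGS_1])))
        print(classify(build_sample(ET_DYN, [PT_INTERP, PT_DYNAMIC], [DT_NEEDED])))
        print(classify(build_sample(ET_EXEC, [])))
```

Run with a path argument to classify a real binary; without arguments it prints the result for the three constructed samples.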
Hello,
On 2020-03-27 16:19:18 +0100, Natanael Copa wrote:
> The benefit with linking it as PIE (position independent executable) is
> that it give full address space layout randomization (ASLR), even if it
> is linked statically.
>
> Side effect is that is marked as ET_DYN in the elf header and looks
> like a dynamically linked executable.
but at the same time, since it "links" against the ld-musl
/a # gcc -static -pie -o test test.c
/a # ldd test
/lib/ld-musl-x86_64.so.1 (0x7f63e4bc1000)
such a binary is not portable to non-musl systems, correct? And if I want
to achieve that, I need to compile with the -no-pie flag?
Is my understanding correct?
Thanks,
W.
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
My $0.02 is that tini-static should be made a real static. The value
prop for PIE does not outweigh the confusion that this is causing.
/sbin # ldd tini-static
/lib/ld-musl-x86_64.so.1 (0x7f6a662d7000)
On Sun, Mar 29, 2020 at 3:43 PM Wolf <wolf@wolfsden.cz> wrote:
> Hello,
>
> On 2020-03-27 16:19:18 +0100, Natanael Copa wrote:
> > The benefit with linking it as PIE (position independent executable) is
> > that it give full address space layout randomization (ASLR), even if it
> > is linked statically.
> >
> > Side effect is that is marked as ET_DYN in the elf header and looks
> > like a dynamically linked executable.
>
> but at the same time, since it "links" against the ld-musl
>
> /a # gcc -static -pie -o test test.c
> /a # ldd test
> /lib/ld-musl-x86_64.so.1 (0x7f63e4bc1000)
>
> such binary is not portable to non-musl systems correct? And if I want
> to achieve that, I need to compile with -no-pie flag?
>
> Is my understanding correct?
>
> Thanks,
> W.
>
> --
> There are only two hard things in Computer Science:
> cache invalidation, naming things and off-by-one errors.
--
Henrik Holst, Tekn. Dr.
CEO and co-founder, Omnimodular AB (559050-1846)
E-mail henrik.holst@omnimodular.com
Mobile +46 76 246 17 15
> but at the same time, since it "links" against the ld-musl
>
> /a # gcc -static -pie -o test test.c
> /a # ldd test
> /lib/ld-musl-x86_64.so.1 (0x7f63e4bc1000)
>
> such binary is not portable to non-musl systems correct? And if I want
> to achieve that, I need to compile with -no-pie flag?
>
> Is my understanding correct?
/lib/ld-musl-x86_64.so.1 is an executable, programs do not link against it.
I was able to compile a Go binary on a glibc system and run it on musl in the past, using "-ldflags=-I /path/to/ld.so"
I have no idea how the binutils linker works though.
There is also a --static-pie flag in gcc; I think it bundles the dynamic linker in your binary, but I'm not sure exactly.
On Sun, 29 Mar 2020 15:43:13 +0200
Wolf <wolf@wolfsden.cz> wrote:
> Hello,
>
> On 2020-03-27 16:19:18 +0100, Natanael Copa wrote:
> > The benefit with linking it as PIE (position independent executable) is
> > that it give full address space layout randomization (ASLR), even if it
> > is linked statically.
> >
> > Side effect is that is marked as ET_DYN in the elf header and looks
> > like a dynamically linked executable.
>
> but at the same time, since it "links" against the ld-musl
>
> /a # gcc -static -pie -o test test.c
> /a # ldd test
> /lib/ld-musl-x86_64.so.1 (0x7f63e4bc1000)
>
> such binary is not portable to non-musl systems correct? And if I want
> to achieve that, I need to compile with -no-pie flag?
>
> Is my understanding correct?
No. It is a real statically linked PIE binary and it works on non-musl
systems:
ncopa-desktop:~/tmp/tini$ cat Dockerfile
FROM debian
RUN apt-get update -y && apt-get install -y curl procps \
&& curl http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/tini-static-0.18.0-r0.apk | tar -zx sbin/tini-static
ncopa-desktop:~/tmp/tini$ docker build -t tini-test .
...
Successfully tagged tini-test:latest
ncopa-desktop:~/tmp/tini$ docker run --rm tini-test /sbin/tini-static ps xa
PID TTY STAT TIME COMMAND
1 ? Ss 0:00 /sbin/tini-static ps xa
6 ? R 0:00 ps xa
ncopa-desktop:~/tmp/tini$
-nc
On Sun, 29 Mar 2020 16:56:44 +0200
Henrik Holst <henrik.holst@omnimodular.com> wrote:
> My $0.02 is that tini-staic should be made a real static. The value
> prop for PIE does not outweigh the confusion that this is causing.
>
> /sbin # ldd tini-static
> /lib/ld-musl-x86_64.so.1 (0x7f6a662d7000)
It is a real (PIE) static, but we may consider fixing ldd.
-nc