libgcrypt.so has text relocations. This is wasting memory and is a security risk. Please fix.

Hans-Christoph Steiner hans at guardianproject.info
Fri Jan 17 18:48:21 CET 2014 


On 01/17/2014 11:59 AM, Remko van der Vossen wrote:
> Hi Hans-Christoph,
> 
> On Fri, Jan 17, 2014 at 11:20:07AM -0500, Hans-Christoph Steiner wrote:
>> libgcrypt.so has text relocations. This is wasting memory and is a security
>> risk. Please fix.
> 
> Is the library perhaps not compiled with -fPIC -fpic?
> 
> Regards,
> 
> Remko van der Vossen

I'm using the build flags that Android sets, looks like it sets -fpic but not
-fPIC:

make[3]: Entering directory
`/var/lib/jenkins/workspace/gnupg-for-android-eighthave/external/libgcrypt/mpi'
/bin/bash ../libtool --tag=CC   --mode=compile
/opt/android-ndk/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gcc
--sysroot=/opt/android-ndk/platforms/android-9/arch-arm -DHAVE_CONFIG_H -I.
-I..  -I../src -I../src
-I/var/lib/jenkins/workspace/gnupg-for-android-eighthave/external/data/data/info.guardianproject.gpg/app_opt/include
-DANDROID
-I/var/lib/jenkins/workspace/gnupg-for-android-eighthave/external/data/data/info.guardianproject.gpg/app_opt/include
-fpic -ffunction-sections -funwind-tables -fstack-protector
-no-canonical-prefixes -march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16 -O2
-g -DNDEBUG -fomit-frame-pointer -fstrict-aliasing -funswitch-loops
-finline-limit=300 -fvisibility=hidden -Wall -Wcast-align -Wshadow
-Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wextra
-Wbad-function-cast -Wwrite-strings -Wdeclaration-after-statement
-Wno-missing-field-initializers -Wno-sign-compare -Wpointer-arith -MT
mpi-add.lo -MD -MP -MF .deps/mpi-add.Tpo -c -o mpi-add.lo mpi-add.c


This is compiling for ARM, where according to `man gcc`, -fPIC does not have
an effect:

-fPIC
 If supported for the target machine, emit position-independent code,
 suitable for dynamic linking and avoiding any limit on the size of the
 global offset table.  This option makes a difference on the m68k, PowerPC
 and SPARC.


.hc



-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Gnupg-devel mailing list