1
0
mirror of http://galexander.org/git/simplesshd.git synced 2025-01-01 02:40:52 +00:00

build static binaries so that we don't run into lollipop's requirement

for "PIE" executables
This commit is contained in:
Greg Alexander 2014-12-29 16:19:16 -05:00
parent 5b6de15b6b
commit c8d1c356d1
2 changed files with 34 additions and 0 deletions

31
NOTES
View File

@ -126,4 +126,35 @@ another commandline option for the new (deflate?) technique, but I think
the normal -z ought to work too. But that is literally the last feature! the normal -z ought to work too. But that is literally the last feature!
Then just release details. Then just release details.
December 29, 2014.
First problem report from a user. Lollipop (Android 5.0) requires "PIE"
executables -- position independent code. I think that is a modern
equivalent to -fpic that Android is now requiring so that it can
randomize addresses to try to obscure stack smashing attacks that rely on
fixed addresses. It is epicly lame.
Anyways, the big fuck-you from Google is that Ice Cream Sandwich (Android
4.1) and earlier require fixed-position code. So one binary will not
generally work on both.
Here is a good summary:
https://code.google.com/p/android-developer-preview/issues/detail?id=888
There is something called "run_pie" which you can wrap your executables
in that lets older Android run PIE executables. It would require a
relatively small change to the exec() call to prepend it with "run_pie".
That seems like a hack.
The suggested remedy is to build two different apks! Yuck!
Anyways, it is only executables (not libraries -- they are position
independent already) that are affected. And apparently static
executables don't care one way or the other.
So that is my remedy -- static executables for the moment. I tested them
and it is only a little bit bigger -- 904kB of binaries instead of 668kB.
XXX - support password-based logins? XXX - support password-based logins?

View File

@ -486,6 +486,7 @@ LOCAL_SRC_FILES := $(DROPBEAR_PATH)/scp.c \
$(DROPBEAR_PATH)/atomicio.c $(DROPBEAR_PATH)/atomicio.c
LOCAL_C_INCLUDES:= dropbear dropbear/libtomcrypt/src/headers dropbear/libtommath LOCAL_C_INCLUDES:= dropbear dropbear/libtomcrypt/src/headers dropbear/libtommath
# LOCAL_LDLIBS := # LOCAL_LDLIBS :=
LOCAL_LDFLAGS := -static
include $(BUILD_EXECUTABLE) include $(BUILD_EXECUTABLE)
@ -515,6 +516,7 @@ LOCAL_SRC_FILES := $(OPENSSH_PATH)/sftp-server-main.c \
$(OPENSSH_PATH)/openbsd-compat/strmode.c $(OPENSSH_PATH)/openbsd-compat/strmode.c
LOCAL_C_INCLUDES:= openssh LOCAL_C_INCLUDES:= openssh
# LOCAL_LDLIBS := # LOCAL_LDLIBS :=
LOCAL_LDFLAGS := -static
include $(BUILD_EXECUTABLE) include $(BUILD_EXECUTABLE)
@ -592,5 +594,6 @@ LOCAL_SRC_FILES := $(RSYNC_PATH)/flist.c \
LOCAL_C_INCLUDES:= rsync rsync/popt rsync/zlib LOCAL_C_INCLUDES:= rsync rsync/popt rsync/zlib
LOCAL_LDLIBS := LOCAL_LDLIBS :=
LOCAL_LDFLAGS := -static
include $(BUILD_EXECUTABLE) include $(BUILD_EXECUTABLE)