mirror of
http://galexander.org/git/simplesshd.git
synced 2024-12-29 09:28:07 +00:00
build static binaries so that we don't run into lollipop's requirement
for "PIE" executables
This commit is contained in:
parent
5b6de15b6b
commit
c8d1c356d1
31
NOTES
31
NOTES
@ -126,4 +126,35 @@ another commandline option for the new (deflate?) technique, but I think
|
||||
the normal -z ought to work too. But that is literally the last feature!
|
||||
Then just release details.
|
||||
|
||||
|
||||
December 29, 2014.
|
||||
|
||||
First problem report from a user. Lollipop (Android 5.0) requires "PIE"
|
||||
executables -- position independent code. I think that is a modern
|
||||
equivalent to -fpic that Android is now requiring so that it can
|
||||
randomize addresses to try to obscure stack smashing attacks that rely on
|
||||
fixed addresses. It is epicly lame.
|
||||
|
||||
Anyways, the big fuck-you from Google is that Ice Cream Sandwich (Android
|
||||
4.1) and earlier require fixed-position code. So one binary will not
|
||||
generally work on both.
|
||||
|
||||
Here is a good summary:
|
||||
https://code.google.com/p/android-developer-preview/issues/detail?id=888
|
||||
|
||||
There is something called "run_pie" which you can wrap your executables
|
||||
in that lets older Android run PIE executables. It would require a
|
||||
relatively small change to the exec() call to prepend it with "run_pie".
|
||||
That seems like a hack.
|
||||
|
||||
The suggested remedy is to build two different apks! Yuck!
|
||||
|
||||
Anyways, it is only executables (not libraries -- they are position
|
||||
independent already) that are affected. And apparently static
|
||||
executables don't care one way or the other.
|
||||
|
||||
So that is my remedy -- static executables for the moment. I tested them
|
||||
and it is only a little bit bigger -- 904kB of binaries instead of 668kB.
|
||||
|
||||
|
||||
XXX - support password-based logins?
|
||||
|
@ -486,6 +486,7 @@ LOCAL_SRC_FILES := $(DROPBEAR_PATH)/scp.c \
|
||||
$(DROPBEAR_PATH)/atomicio.c
|
||||
LOCAL_C_INCLUDES:= dropbear dropbear/libtomcrypt/src/headers dropbear/libtommath
|
||||
# LOCAL_LDLIBS :=
|
||||
LOCAL_LDFLAGS := -static
|
||||
|
||||
include $(BUILD_EXECUTABLE)
|
||||
|
||||
@ -515,6 +516,7 @@ LOCAL_SRC_FILES := $(OPENSSH_PATH)/sftp-server-main.c \
|
||||
$(OPENSSH_PATH)/openbsd-compat/strmode.c
|
||||
LOCAL_C_INCLUDES:= openssh
|
||||
# LOCAL_LDLIBS :=
|
||||
LOCAL_LDFLAGS := -static
|
||||
|
||||
include $(BUILD_EXECUTABLE)
|
||||
|
||||
@ -592,5 +594,6 @@ LOCAL_SRC_FILES := $(RSYNC_PATH)/flist.c \
|
||||
|
||||
LOCAL_C_INCLUDES:= rsync rsync/popt rsync/zlib
|
||||
LOCAL_LDLIBS :=
|
||||
LOCAL_LDFLAGS := -static
|
||||
|
||||
include $(BUILD_EXECUTABLE)
|
||||
|
Loading…
Reference in New Issue
Block a user