Position independent executable support in DragonFlyBSD
Vasily Postnicov
shamaz.mazum at gmail.com
Fri Nov 20 23:49:53 PST 2015
Hello. Can anyone please explain what happens here? I am trying to compile
and execute a position independent executable (further: PIE) on
DragonFlyBSD 4.0. This is my test program test.c:
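    #include <stdio.h>
    #include <sys/mman.h>

    int main()
    {
        /* Address of a function inside the executable itself */
        int (*func)() = main;
        printf ("%p\n", (void *)func);

        /* Address chosen by the kernel for an anonymous mapping */
        void *ptr = mmap (NULL, 4096, PROT_NONE, MAP_ANON | MAP_PRIVATE, -1, 0);
        printf ("%p\n", ptr);
        munmap (ptr, 4096);
        return 0;
    }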
I compile this code like this:
cc -fPIE -pie -o test test.c
And set the vm.randomize_mmap sysctl to 1.
Here is my program's output after it was launched 2 times:
> ./test
0x1021aa3
0x807c5c000
> ./test
0x1021aa3
0x80d01d000
As far as I understand, the program is mmap()'ed into memory by the dynamic
linker (/libexec/ld-elf.so.2). The base address the program is mapped to is
determined by the content of the p_vaddr field in the first PT_LOAD program
header in the file (as I learned from /usr/src/libexec/rtld-elf/map_object.c).
It's usually 0x400000, but in my case of PIE it is 0x0 (info from readelf -l,
some output dropped here):
> readelf -l test
Elf file type is DYN (Shared object file)
Entry point 0x84c
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000bf4 0x0000000000000bf4  R E    200000
  LOAD           0x0000000000000bf8 0x0000000000200bf8 0x0000000000200bf8
                 0x0000000000000238 0x0000000000000270  RW     200000
According to the mmap(2) manpage, if its first argument is 0, the system must
choose an address for the mapping by itself, and as I can see from my test
program, it is random indeed, if I set vm.randomize_mmap=1.
So my questions are: why is the address of main always 0x1021aa3? Why
is it not even aligned? What must be changed in DragonFlyBSD to handle PIEs
properly?
I have also noticed that dynamic libraries (.so) are loaded at random
addresses with mmap randomization, so what is the difference between them
and PIEs?
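
Added example, not part of the original post: one way to see where the run-time linker actually placed the executable and a shared library is to ask it through dl_iterate_phdr(), which reports the load bias it added to every p_vaddr. The names placement, visit and locate are made up for this sketch, and it assumes a system whose <link.h> provides dl_iterate_phdr().

```c
#define _GNU_SOURCE   /* glibc exposes dl_iterate_phdr() only with this */
#include <link.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper type: where one address sits inside a loaded ELF object. */
struct placement {
    uintptr_t addr;    /* run-time address being looked up */
    uintptr_t bias;    /* dlpi_addr: what the loader added to every p_vaddr */
    uintptr_t vaddr;   /* addr - bias: the link-time address readelf shows */
    const char *name;  /* object name as reported by the loader (may be empty) */
};

/* Runs once per loaded object; stops at the PT_LOAD segment that holds addr. */
static int visit(struct dl_phdr_info *info, size_t size, void *arg)
{
    struct placement *p = arg;
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        if (info->dlpi_phdr[i].p_type != PT_LOAD)
            continue;
        uintptr_t start = (uintptr_t)info->dlpi_addr + info->dlpi_phdr[i].p_vaddr;
        if (p->addr >= start && p->addr - start < info->dlpi_phdr[i].p_memsz) {
            p->bias = (uintptr_t)info->dlpi_addr;
            p->vaddr = p->addr - p->bias;
            p->name = info->dlpi_name ? info->dlpi_name : "";
            return 1;  /* a non-zero return ends the iteration */
        }
    }
    return 0;
}

/* Returns 1 and fills *out if addr lies in a loaded segment, else 0. */
int locate(uintptr_t addr, struct placement *out)
{
    out->addr = addr;
    out->bias = out->vaddr = 0;
    out->name = "";
    return dl_iterate_phdr(visit, out);
}

int main(void)
{
    struct placement p;
    if (locate((uintptr_t)&locate, &p))   /* code inside the executable */
        printf("exe:    bias %#lx vaddr %#lx\n", (unsigned long)p.bias, (unsigned long)p.vaddr);
    if (locate((uintptr_t)&printf, &p))   /* normally resolves into libc */
        printf("printf: bias %#lx in \"%s\"\n", (unsigned long)p.bias, p.name);
    return 0;
}
```

A bias of 0 means the object was mapped at its link-time addresses; a non-zero bias that is identical on every run means it was relocated but not randomized.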