Not compiling with Position Independent Executable protection?

[Scalextrix]

Im compiling my own Linux gridcoinresearch daemon from source, I realised to have the daemon protected by Position Independent Executable (PIE) I needed to compile with: make -f makefile.unix -e PIE=1

You can check the status of current install by apt-get install hardening-includes, then hardening-check /usr/bin/gridcoinresearchd.

Apologies if you have it covered elsewhere, I didnt see it.

[Steffov]

Hi @Scalextrix Sca No, by now I didn't implement this but it sounds very interesting! It isn't in the official Linux compiling guide from Gridcoin, that's the reason why it isn't in my script. Are you sure it will not affect the wallet self? Maybe it makes sense to ask Rob or another developer regarding this. If the officials says it's fine I'll implement this of course.

Can you ask the wallet devs? Unfortunately I've not much time currently.

[Scalextrix]

Ok so take a look at https://github.com/gridcoin/Gridcoin-Research/blob/master/doc/build-unix.txt

Scroll down and you will see the PIE hardening advice

[Steffov]

Hey Scalextrix, Sorry for delay. But I had to fix this hard bug before (https://github.com/Steffov/GRC-Scripts/issues/3). I pushed your suggestion now with version 1.0.5 online. Thanks a lot for your great feedback!

[Steffov]

Hey Scalextrix,

I made a test with that option and was not able to built the daemon. I got the error message as descripted on the readme page:

On an Amd64 processor where a library was not compiled with -fPIC, this will cause an error such as: "relocation R_X86_64_32 against `......' can not be used when making a shared object;

For now I've no solution, so I'm forced to patch this security line out of the current code.

Do you've an idea how to fix that?

[Scalextrix]

Ok thats odd, it worked compiling on ARM (Raspberry Pi)

[Scalextrix]

Accdentally closed, reopened. The exact string I used to compile was 'sudo make -f makefile.unix USE_UPNP=- -e PIE=1'

I hope that helps, Im not an expert on this feature, it just worked for me, I had installed package hardening-includes but I dont think its a dependency.

[Steffov]

That's what I used too. It looks like an issue with AMD64 and the way how gcc compiles the code. I'll try to figure out how to fix. If I'm not able to find a fix I've to leave this feature out of the code, unfortunately. If you find something please let me now.

In the meanwhile my main focus will goes to the daemon control center.