Open kewde opened 7 years ago
All libraries we use need to be compiled with -fPIC. The stack remains executable for the application if one library is not compiled as position independent.
I'm not statically compiling Shadow on my development environment so I can't make these edits for now.
fPIC list:
Please note, this list is not exhaustive/complete.
Our main application is compiled with stack canaries which adds a layer of protection to our code, while this issue is not crucial, every bit helps.
For security reasons it's better to compile our code with position indepent code/execution, rendering the stack unexecutable protecting against buffer overflows.
LevelDB needs to be compiled with
-fPIC
Shadow needs to be compiled with-e PIE=1
The makefile.unix in
src
specifies a way (scanelf) to check if a binary is compiled with non-executable stack.