[Olsr-dev] making olsrd a "Position Independent Executable" i.e. gcc -pie -fPIE
Wed Oct 3 02:48:52 CEST 2012
On 10/02/2012 05:03 PM, Henning Rogge wrote:
> On Tue, Oct 2, 2012 at 10:56 PM, Hans-Christoph Steiner
> <(spam-protected)> wrote:
>> I'm in the process of making olsrd build properly with all of the Debian
>> hardening flags. One of the things the hardening wants is to have the
>> executable built with -fPIE and linked with -pie.
>> Has anyone worked with this in olsrd before?
> We did some experiments with the master branch about it.
> The trick was to add the following flags:
> CFLAGS += -fPIE
> LDFLAGS += -pie
> And you need to use at least "-O2".
Any hazards to -O2 in olsrd? I see that it's not there by default, yet
it is a very common default. Debian sets -O2 by default, for example.
>> Any particular objections
>> to including such a thing in olsrd proper?
> Last time we put it into Makefile.inc as an option... not sure this
> was a good idea.
>> I think we need to do as
>> much as we can to make sure olsrd has minimal exploits, since it runs
>> fully as root.
> Yes, unfortunately we cannot give root away after initializing... even
> if we could hand over the rtnetlink socket to another process, OLSRd
> needs the capability to open new sockets when an interface goes up.
> Henning Rogge
For something like the plugins that listen on a port, it seems
especially hazardous to have them running as root, and I see no reason
that txtinfo, httpinfo, jsoninfo, etc. need root privs once they've
opened their sockets.
I'll bring up sshd again since it is one process that has separate parts
running as root and unprivileged users. It also handles changing
interfaces, for example, if you have sshd running and turn on your wifi,
then you can ssh to the IP of the wifi without having to reset sshd. I
haven't read the code so I can't point out the relevant bits but I do
know it's behaving the way that I think olsrd should.
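
A way to confirm that a build with the -fPIE / -pie flags quoted above really produced a position independent executable. This is an added example, not part of the original message and not olsrd code. It assumes Linux with `<elf.h>` and a native-endian ELF64 file; `classify_elf` and the `elf_kind` names are made up for the illustration.

```c
/* Added example: tell a PIE from a fixed-address executable by its ELF headers. */
#include <elf.h>
#include <stdio.h>
#include <string.h>

enum elf_kind { ELF_BAD = -1, ELF_NOT_PIE = 0, ELF_PIE = 1, ELF_SHARED_OBJECT = 2 };

/* Classify an in-memory ELF64 image (native byte order assumed). */
enum elf_kind classify_elf(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return ELF_BAD;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return ELF_BAD;
    if (eh.e_type == ET_EXEC) return ELF_NOT_PIE;   /* linked for a fixed address */
    if (eh.e_type != ET_DYN) return ELF_BAD;        /* .o file, core dump, ... */
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len) return ELF_BAD;
    /* ET_DYN covers PIE and shared libraries alike. Heuristic: a PT_INTERP
       segment (a request for the dynamic loader) marks an executable.
       static-pie binaries and the few libraries that carry PT_INTERP are
       not told apart here. */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        size_t off = (size_t)eh.e_phoff + (size_t)i * sizeof ph;
        if (off > len || len - off < sizeof ph) return ELF_BAD;
        memcpy(&ph, buf + off, sizeof ph);
        if (ph.p_type == PT_INTERP) return ELF_PIE;
    }
    return ELF_SHARED_OBJECT;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    static const char *names[] = { "not PIE (ET_EXEC)", "PIE", "ET_DYN without PT_INTERP" };
    static unsigned char buf[65536];
    FILE *f = fopen(path, "rb");
    if (!f) { perror(path); return 2; }
    /* The ELF header and program headers normally sit at the start of the file. */
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    enum elf_kind k = classify_elf(buf, n);
    if (k == ELF_BAD) {
        fprintf(stderr, "%s: not a native ELF64 executable or library\n", path);
        return 2;
    }
    printf("%s: %s\n", path, names[k]);
    return k == ELF_PIE ? 0 : 1;
}
```

The exit status is 0 only for a PIE, so the program can be run against the built binary as a check at the end of a package build.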