Piece of PIE

Modern ELF systems can randomize the address at which shared libraries are loaded. This is generally referred to as Address Space Layout Randomization, or ASLR. Shared libraries are always position independent, which means that they can be loaded at any address. Randomizing the load address makes it harder for an attacker to exploit a buffer overflow or similar bug in a running program, because there are no fixed addresses to rely on when building a return address, a jump target, or a chain of gadgets. ASLR is part of defense in depth: it does not by itself prevent any attacks, but it makes it more difficult to turn certain kinds of programming errors into something more useful than a crash. It is only as strong as the secrecy of the layout: a single leaked pointer (from a format string bug, an uninitialized read, or a verbose error message) gives the attacker the base address back.

Although it is straightforward to randomize the load address of a shared library, an ELF executable is normally linked to run at a fixed address that cannot be changed (it has ELF type ET_EXEC). This means that attackers have a set of fixed addresses they can rely on, which is all that is needed for a return-to-PLT or return-oriented attack even when every library is randomized. Permitting the kernel to randomize the address of the executable itself is done by generating a Position Independent Executable, or PIE.

It turns out to be quite simple to create a PIE: a PIE is simply an executable shared library. To make a shared library executable you just need to give it a PT_INTERP segment (naming the dynamic linker) and appropriate startup code. The startup code can be the same as the usual executable startup code, though of course it must be compiled to be position independent. The result has ELF type ET_DYN, the same type as a shared library, which is why tools that inspect a binary tell a PIE apart from a plain library by the presence of PT_INTERP rather than by its type.

When compiling code to go into a shared library, you use the -fpic option. When compiling code to go into a PIE, you use the -fpie option. Since a PIE is just a shared library, these options are almost exactly the same. The only difference is that since -fpie implies that you are building the main executable, there is no need to support symbol interposition for symbols defined in the executable itself. In a shared library, if function f1 calls f2, and f2 is globally visible, the code has to consider the possibility that f2 will be interposed by another object loaded earlier. Thus, the call must go through the PLT. In a PIE, f2 cannot be interposed, so the call may be made directly, though of course still in a position independent manner (a PC-relative call on most processors). Similarly, if the processor can do PC-relative loads and stores, global variables defined in the executable can be accessed directly rather than going through the GOT. Variables that live in a shared library still need a GOT entry (or a copy relocation), because their addresses are not known until the library is loaded.

Other than that ability to avoid the PLT and GOT in some cases, a PIE is really just a shared library. The kernel's ELF loader maps it at a random base address, just as it would map a shared library, and then starts the dynamic linker, which relocates the PIE as usual before handing control to the startup code.
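The classification rule just described, written out as an added example (this is not code from the original post): an image is a PIE when its ELF type is ET_DYN and it carries a PT_INTERP program header; ET_DYN without PT_INTERP is an ordinary shared library; ET_EXEC is a fixed-address executable. The program parses only the ELF header and program header table, bounds-checking every offset, and can inspect its own image via /proc/self/exe. The struct layouts and constants are written out here to mirror the 64-bit little-endian definitions in <elf.h>, so the file does not depend on that header; the sample images built by build_sample are constructed for the demonstration and contain nothing but headers.

```c
/*
 * Added example, not from the original post: classify an ELF64 image as a
 * PIE (ET_DYN + PT_INTERP), a shared library (ET_DYN alone) or a fixed-address
 * executable (ET_EXEC). Layouts below mirror <elf.h> for 64-bit little-endian
 * ELF; they are spelled out so the program builds without that header.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EI_NIDENT   16
#define ELFCLASS64  2
#define ELFDATA2LSB 1
#define ET_EXEC     2
#define ET_DYN      3
#define PT_INTERP   3

typedef struct {
    unsigned char e_ident[EI_NIDENT];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr64;                                   /* 64 bytes, no padding */

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr64;                                   /* 56 bytes, no padding */

enum elf_kind {
    ELF_NOT_ELF,     /* not a 64-bit little-endian ELF image, or truncated */
    ELF_OTHER,       /* ET_REL, ET_CORE, ...: not a loadable program image */
    ELF_FIXED_EXEC,  /* ET_EXEC: linked at a fixed address, kernel cannot randomize it */
    ELF_SHARED_LIB,  /* ET_DYN without PT_INTERP: a plain shared library */
    ELF_PIE          /* ET_DYN with PT_INTERP: an executable shared library */
};

/* Classify an in-memory image. Every offset is checked against len before use. */
enum elf_kind classify_elf(const uint8_t *buf, size_t len)
{
    Ehdr64 eh;
    if (len < sizeof eh) return ELF_NOT_ELF;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 ||
        eh.e_ident[4] != ELFCLASS64 || eh.e_ident[5] != ELFDATA2LSB)
        return ELF_NOT_ELF;
    if (eh.e_type == ET_EXEC) return ELF_FIXED_EXEC;
    if (eh.e_type != ET_DYN) return ELF_OTHER;
    if (eh.e_phentsize < sizeof(Phdr64)) return ELF_NOT_ELF;

    /* ET_DYN: it is a PIE only if some program header asks for an interpreter. */
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        uint64_t off = eh.e_phoff + (uint64_t)i * eh.e_phentsize;
        if (off > len || len - off < sizeof(Phdr64)) return ELF_NOT_ELF; /* truncated table */
        Phdr64 ph;
        memcpy(&ph, buf + off, sizeof ph);
        if (ph.p_type == PT_INTERP) return ELF_PIE;
    }
    return ELF_SHARED_LIB;
}

/* Read a whole file and classify it; "/proc/self/exe" inspects the running program. */
enum elf_kind classify_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return ELF_NOT_ELF;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return ELF_NOT_ELF; }
    long sz = ftell(f);
    if (sz <= 0) { fclose(f); return ELF_NOT_ELF; }
    rewind(f);
    uint8_t *buf = malloc((size_t)sz);
    if (!buf) { fclose(f); return ELF_NOT_ELF; }
    size_t n = fread(buf, 1, (size_t)sz, f);
    fclose(f);
    enum elf_kind k = classify_elf(buf, n);
    free(buf);
    return k;
}

/* Constructed test image: an ELF header plus, optionally, one PT_INTERP phdr.
 * Nothing else is present, which is enough for the classification above. */
size_t build_sample(uint16_t e_type, int with_interp, uint8_t *out, size_t cap)
{
    Ehdr64 eh; Phdr64 ph;
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph);
    size_t need = sizeof eh + (with_interp ? sizeof ph : 0);
    if (cap < need) return 0;
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = ELFCLASS64; eh.e_ident[5] = ELFDATA2LSB; eh.e_ident[6] = 1; /* EV_CURRENT */
    eh.e_type = e_type; eh.e_machine = 62; /* EM_X86_64 */ eh.e_version = 1;
    eh.e_ehsize = sizeof eh; eh.e_phentsize = sizeof ph;
    eh.e_phoff = with_interp ? sizeof eh : 0; eh.e_phnum = with_interp ? 1 : 0;
    memcpy(out, &eh, sizeof eh);
    if (with_interp) { ph.p_type = PT_INTERP; ph.p_flags = 4; /* PF_R */ memcpy(out + sizeof eh, &ph, sizeof ph); }
    return need;
}

const char *kind_name(enum elf_kind k)
{
    static const char *names[] = { "not ELF64/LE", "other ELF object", "fixed-address executable (ET_EXEC)",
                                   "shared library (ET_DYN, no PT_INTERP)", "PIE (ET_DYN + PT_INTERP)" };
    return names[k];
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    printf("%s: %s\n", path, kind_name(classify_file(path)));
    return 0;
}
```

Build it twice, once with `gcc -fpie -pie` and once with `gcc -fno-pie -no-pie`, and run each copy with no arguments: the first reports itself as a PIE, the second as a fixed-address executable. Pointing it at a shared library such as the C library shows the ET_DYN-without-PT_INTERP case. Distributions that default to PIE will produce the first result without any flags at all.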

This does imply that a PIE must be dynamically linked, in the sense of using the dynamic linker. Since the dynamic linker and the C library are closely intertwined, linking the PIE statically with the C library is unlikely to work in general. It is possible to design a statically linked PIE, in which the program relocates itself at startup time, applying its own relative relocations before it touches any global data. The dynamic linker itself does this, since nothing else is available to relocate it. However, there is no general mechanism for this at present.


Non-free Services

As both of my faithful readers can see, my blog postings have dropped significantly. I’ve been posting my random little comments on Google+ instead.

Which leads me to the following. There is a hard-core group of people who only use free software. I’m not quite that hard-core, but in practice I do use only free software, except perhaps for some binary drivers in the kernel (I don’t actually know whether the systems I’m running use binary drivers or not, and I’m not hard-core enough to find out).

I’ve seen some people argue that if you are serious about using free software, you should also only use Internet services which are themselves free software. For example, you should not use Facebook or Google+, because the software used to run those services is not free.

I don’t agree with that argument. The key goal of free software is that I always have the right to change the software that I am running. When I use an Internet service like Google+, I am not running the software. Even if I had a copy of the software, I would not be able to run it, because I don’t have enough servers. And even if I had enough servers, it would be useless for me to run the software, because I don’t have the data. And there is no way to grant me access to the data, because that would violate the reasonable privacy choices of everybody else using the service.

When it comes to a service like Google+, whether the software is free is not important. Releasing the software would not give me any more freedom than I already have. Google+ is only interesting when many people are operating out of a single shared data base, and that data base must have privacy safeguards to ensure that it is not copied.

What matters with Google+ is not the software, but the data. It is important that I be able to retrieve all my data associated with Google+, and that I be able to retrieve it in a way that makes it possible to use with other software. That is, I should be able to retrieve my posts, my comments on other people’s posts, my list of followers, my photos, etc. And I should be able to plug them into some other software service if I so choose.

In fact Google+ does have a set of APIs which permit me to retrieve my data. I haven’t verified that all Google+ data is available via the APIs, but all the obvious stuff seems to be available. Given those APIs, it should be possible for me to move all my data to some other service which provides the required APIs itself.

So I personally don’t see any reason why even a hard-core free software supporter should avoid using a service like Google+. This isn’t to say that it wouldn’t be nice if Google freed up the software and accepted patches from outside users. It’s just that that is not a critical part of freedom to use software.


Anonymous

There is no chance that Edward de Vere, the Earl of Oxford, wrote the plays attributed to William Shakespeare.

That said, I found the movie Anonymous to be reasonably watchable, although I thought many of Vanessa Redgrave’s scenes as the older Queen Elizabeth were ridiculous. But since the movie claims (perhaps as a joke) to be seriously advocating the position that Oxford wrote the plays, I was surprised that they did such a poor job of supporting the theory.

Oxford was shown as being tutored at length on topics other than poetry. He traveled abroad, he intrigued at court. When would he have had time to write the plays and the sonnets? The movie essentially presents Oxford as being mysteriously gifted with the ability to write; he speaks of continual voices in his head. That could happen to anybody, and perhaps describes the real Shakespeare: if anybody could have written Shakespeare’s plays, then why not Shakespeare himself?

Oxford is shown as using the plays to support his court intrigues. Is it possible to imagine Shakespeare, with his clear vision of humanity, thinking that he could achieve such ends through his plays? One of the strongest examples of that in the movie was the suggestion that it was odd that Shakespeare portrayed Richard III as a hunchback, but even I know that Richard III was popularly (and probably falsely) considered to be a hunchback long before Shakespeare’s time.

Of course it’s conceivable if unlikely that somebody else wrote Shakespeare’s plays. But the undercurrent of the Oxford theory has always been that a member of the nobility would be more likely as the playwright than a commoner. This reverses reality. The nobility were highly trained from birth in their roles in society. They were busy people with lots to do. It was far less likely that an earl could write the plays than a member of the middle class. As far as I know only one member of the English nobility ever achieved any note as an author: Lord Dunsany, who lived much later.

The movie did have a couple of nice (non-Shakespearean) lines, one of which, by the Ben Jonson character, was simply the truth: the only reason future ages remember the people who lived then was because they were alive when Shakespeare was writing.


Corporate Unions

In an ordinary employer-employee relationship with a large company, the employer has most of the power. When any individual employee seeks a higher wage, he or she has no leverage; for a large company to lose a single employee makes little difference. In the U.S., unions have been a way for employees to get more leverage. The large company cannot ignore the effect of many employees working together.

However, many people dislike unions, because unions are only effective when the union members work together. Many people feel that this takes away individual rights, as indeed it does.

It recently occurred to me that there is a different way to look at the issue. Think of the union as a company itself, a special sort of company which operates as a monopsony. When you join the employer, you are actually joining two companies: the employer and the company which provides employees to the employer. The union company and the regular company have a tight relationship, but this is no different from an ordinary monopsony supplier situation, such as is widely found in, e.g., the automotive business. Union companies tend to be more democratic than most companies, but this is not a fundamental difference.

One can of course have multiple union companies providing labor to the parent company. However, it is perfectly reasonable for the parent company to negotiate only with union companies for labor, rather than with individuals. After all, only in exceptional situations would a company purchase non-labor supplies from an individual. Why should labor be any different? Thus the “closed shop” has a clear support: it’s a matter of efficiency for the parent company.

This perspective may remove some of the traditional complaints against unions. They are replaced by a different issue, which is that every employee has two loyalties. However, in reality we all have multiple loyalties in our lives—to our families, our sports teams, etc.

Try thinking of the matter this way the next time you feel angry about unions. They are just doing what regular companies do.


Nuclear Irrationality

I was recently thinking about my college studies of nuclear warfare. At the time it seemed like a relevant topic, and I took two courses on it. Like everything, the more you look into it the more complex it gets. The depth of the thinking in nuclear warfare planning was both impressive and appalling.

One of the more interesting cases was driven by the fear of a Soviet invasion of Western Europe. In retrospect we know there was never a danger of that, but at the time it was a real concern. The western strategists feared that in a conventional war, the Soviet tanks would rapidly rout the smaller European armies. The use of nuclear weapons, or at least their potential use, was an obvious way to counter this threat.

However, most of the nuclear weapons were in the U.S. It was clear that no U.S. president would launch nuclear weapons at the Soviet Union in order to forestall an invasion of Europe. The U.S. promised to support Europe, but if the war actually started, a nuclear attack on the U.S.S.R. could only end in a nuclear counter-attack on the U.S. That would never happen. England and France had a few nuclear weapons, but would their leaders really launch them, knowing that they would face certain death in the overwhelming nuclear counter-attack? A bold and calculating leader of the Soviet Union might be willing to risk that nobody would take the nuclear option, and be willing to gamble that they would win a conventional war (again, this was the fear of the U.S. and Europe, the Soviet Union knew perfectly well that they could not win such a war). How could the U.S. and Europe use nuclear weapons as a credible deterrent to a conventional invasion?

The answer was, as I said, both impressive and appalling. NATO distributed low-yield nuclear weapons throughout Europe (they even had nuclear landmines). In the event of an invasion, complete control over the weapons was handed over to local commanders. The decision to use nuclear weapons would not be in the hands of an elected leader far from the war zone. It would be in the hands of a local colonel facing the immediate loss of his command. The Soviet Union might gamble (so the thinking went) on the reactions of a few political leaders they could study closely. They would never gamble on the reactions of several hundred local military commanders. Although the weapons were relatively low-yield, the expectation was that once a war went nuclear, the only thing that would stop it from escalating would be a quick complete cessation of hostilities.

This is a nice example of achieving your goal by explicitly giving up your ability to act rationally.

