对于不可重定位的汇编程序代码,链接在gcc 6.2.0之前从来都不是问题。我不知道确切的版本,但在gcc 5.4.0(及以下)这工作:
$ gcc -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto
但是,对于gcc 6.2.0:
$ gcc -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto
/usr/bin/ld: ../../../lib/libribs2_ssl.a(context_asm.o): relocation R_X86_64_32S against symbol `current_ctx' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
尝试强制静态链接会产生另一个问题:
$ gcc -static -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto -ldl
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
(.text+0x11): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
../obj/httpget.o: In function `main':
/home/nir/ribs2/examples/httpget/src/httpget.c:194: warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
程序在使用gethostbyname()时出现分段错误(但在其他情况下正常运行)
也尝试混合静态和动态是行不通的。
$ gcc -o httpget -Wl,-Bstatic ../obj/httpget.o ../../../lib/libribs2_ssl.a -Wl,-Bdynamic -lssl -lcrypto
/usr/bin/ld: ../../../lib/libribs2_ssl.a(context_asm.o): relocation R_X86_64_32S against symbol `current_ctx' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
任何想法?项目链接:https://github.com/niryeffet/ribs2
感谢@Jester的提示:在LDFLAGS中添加-no-pie(而不是-fno-PIE)解决了这个问题。
gcc -no-pie -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto
此更改也适用于gcc 5.4。好像默认值已经改变了。
更新:
这就解释了。从https://wiki.ubuntu.com/SecurityTeam/PIE
在Ubuntu 16.10中,作为一个额外的编译器加固措施,我们已经默认情况下,在amd64和ppc64le上启用了PIE和立即绑定。这大大提高了ASLR在这些平台上的有效性。