AppImageSpec

Make PIE building/linking mandatory

Open TheAssassin opened this issue 1 year ago • 2 comments

Future runtime types must be linked as PIE. Current ones should. This allows the kernel to apply ASLR and makes the runtime compatible with tools like https://github.com/io12/userland-execve-rust.

TheAssassin, Nov 28 '24 00:11

Please elaborate on the motivation for this. Especially why you think it should be a "must".

probonopd, Nov 28 '24 07:11

See https://github.com/AppImage/type2-runtime/pull/88 for additional context. Using PIE is an advantage security-wise (it allows the kernel to apply ASLR; non-PIC code cannot be loaded that way). Also, it allows the runtime to be launched via https://github.com/io12/userland-execve-rust, which is a convenient way for tools like AppImageLauncher to launch statically linked runtimes while bypassing binfmt_misc. It doesn't cost anything either and should be possible with any modern compiler toolchain.

TheAssassin, Nov 28 '24 07:11
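A build-time check for the requirement discussed in this thread, as an added example that is not part of the issue or of the AppImage project's code: it classifies an ELF image by `e_type` and, for `ET_DYN`, by the `DF_1_PIE` bit in `DT_FLAGS_1`. The function names and the constructed sample image are assumptions for illustration; truncated files raise `struct.error`.

```python
import struct
import sys

ET_EXEC, ET_DYN, PT_DYNAMIC = 2, 3, 2
DT_NULL, DT_FLAGS_1, DF_1_PIE = 0, 0x6FFFFFFB, 0x08000000

def classify_elf(data: bytes) -> str:
    """Return 'non-pie' (ET_EXEC), 'pie' (ET_DYN with DF_1_PIE set) or
    'dyn-unflagged' (ET_DYN without the flag: shared object or older-toolchain PIE)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, end = data[4] == 2, "<" if data[5] == 1 else ">"
    word = end + ("Q" if is64 else "I")        # address/offset width for this class
    dyn_fmt = end + ("QQ" if is64 else "II")   # one Elf_Dyn entry: d_tag, d_val
    e_type, = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "non-pie"                       # fixed load address, image cannot be relocated
    if e_type != ET_DYN:
        raise ValueError(f"not an executable or shared object (e_type={e_type})")
    e_phoff, = struct.unpack_from(word, data, 32 if is64 else 28)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        if struct.unpack_from(end + "I", data, ph)[0] != PT_DYNAMIC:
            continue
        p_offset, = struct.unpack_from(word, data, ph + (8 if is64 else 4))
        p_filesz, = struct.unpack_from(word, data, ph + (32 if is64 else 16))
        for off in range(p_offset, p_offset + p_filesz, struct.calcsize(dyn_fmt)):
            d_tag, d_val = struct.unpack_from(dyn_fmt, data, off)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_FLAGS_1 and d_val & DF_1_PIE:
                return "pie"
    return "dyn-unflagged"

def constructed_elf64(e_type: int, flags_1: int = 0) -> bytes:
    """Constructed sample: ELF64 LE header, one PT_DYNAMIC phdr, two Elf64_Dyn entries."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, 32, 32, 8)
    return ehdr + phdr + struct.pack("<QQQQ", DT_FLAGS_1, flags_1, DT_NULL, 0)

if __name__ == "__main__":
    for path in sys.argv[1:]:                  # e.g. a freshly built runtime binary
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
    if len(sys.argv) == 1:                     # no files given: run on the constructed samples
        print(classify_elf(constructed_elf64(ET_EXEC)),
              classify_elf(constructed_elf64(ET_DYN, DF_1_PIE)))
```

A CI job can fail the build when the result for the runtime binary is anything other than `pie`; `dyn-unflagged` needs a manual look because `ET_DYN` alone does not distinguish a PIE from a shared library.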