+++ This bug was initially created as a clone of Bug #708563 +++ After the bug fix for Bug #708563, load address in PIE is ignored when ASLR is disabled: [hjl@gnu-6 pie]$ cat foo2.c #include <stdio.h> char foo[132121799]; int main () { foo[sizeof (foo) - 2] = -34; printf ("%p, %d\n", &main, foo[sizeof (foo) - 2]); return 0; } [hjl@gnu-6 pie]$ cc -fPIE -pie foo2.c -Wl,-Ttext-segment=0x6ABC55000000 [hjl@gnu-6 pie]$ readelf -lW a.out Elf file type is DYN (Shared object file) Entry point 0x6abc55000630 There are 8 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x00006abc55000040 0x00006abc55000040 0x0001c0 0x0001c0 R E 0x8 INTERP 0x000200 0x00006abc55000200 0x00006abc55000200 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x00006abc55000000 0x00006abc55000000 0x000944 0x000944 R E 0x200000 LOAD 0x001000 0x00006abc55201000 0x00006abc55201000 0x000254 0x7e00748 RW 0x200000 DYNAMIC 0x001020 0x00006abc55201020 0x00006abc55201020 0x0001d0 0x0001d0 RW 0x8 NOTE 0x00021c 0x00006abc5500021c 0x00006abc5500021c 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x00081c 0x00006abc5500081c 0x00006abc5500081c 0x000034 0x000034 R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x10 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .data.rel.ro .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 [hjl@gnu-6 pie]$ cat /proc/sys/kernel/randomize_va_space 1 [hjl@gnu-6 pie]$ ./a.out 0x6abc55000745, -34 [hjl@gnu-6 pie]$ cat /proc/sys/kernel/randomize_va_space 0 [hjl@gnu-6 pie]$ ./a.out 0x555555554745, -34 [hjl@gnu-6 pie]$
A patch is sent to LKML and uploaded at https://bugzilla.kernel.org/attachment.cgi?id=117741
Do you have a link to the LKML submission? I can't seem to find the current one, just the one from 2 years ago.
I sent it last Friday: Date: Fri, 6 Dec 2013 12:51:56 -0800 From: "H.J. Lu" <hongjiu.lu> To: linux kernel <linux-kernel.org> Cc: Jiri Kosina <jkosina>, Josh Boyer <jwboyer>, "H. Peter Anvin" <hpa> Subject: [PATCH] binfmt_elf: fix PIE load with randomization disabled and CCed to you. Did it show up in your mailbox?
(In reply to H.J. Lu from comment #3) > I sent it last Friday: > > Date: Fri, 6 Dec 2013 12:51:56 -0800 > From: "H.J. Lu" <hongjiu.lu> > To: linux kernel <linux-kernel.org> > Cc: Jiri Kosina <jkosina>, Josh Boyer <jwboyer>, "H. Peter > Anvin" <hpa> > Subject: [PATCH] binfmt_elf: fix PIE load with randomization disabled > > and CCed to you. Did it show up in your mailbox? No, it did not. It also isn't in my junk folders. I can't find it on any of the LKML archive sites either.
(In reply to Josh Boyer from comment #4) > No, it did not. It also isn't in my junk folders. I can't find it on any > of the LKML archive sites either. I re-sent it from gmail. Did you get it now?
(In reply to H.J. Lu from comment #5) > (In reply to Josh Boyer from comment #4) > > No, it did not. It also isn't in my junk folders. I can't find it on any > > of the LKML archive sites either. > > I re-sent it from gmail. Did you get it now? Yes, thank you.
This should really go upstream first. We can bring the results of that back to whatever kernel F19 is on when that happens.
This message is a notice that Fedora 19 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 19. It is Fedora's policy to close all bug reports from releases that are no longer maintained. Approximately 4 (four) weeks from now this bug will be closed as EOL if it remains open with a Fedora 'version' of '19'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 19 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.