使用不可重定位的汇编程序代码链接从来没有问题直到gcc 6.2.0。我不知道盯着这个的确切版本,但是使用gcc 5.4.0(及以下版本),这有效:
$ gcc -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto
然而,使用gcc 6.2.0:
$ gcc -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto
/usr/bin/ld: ../../../lib/libribs2_ssl.a(context_asm.o): relocation R_X86_64_32S against symbol `current_ctx' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
尝试强制静态链接会产生另一个问题:
$ gcc -static -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto -ldl
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
(.text+0x11): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
../obj/httpget.o: In function `main':
/home/nir/ribs2/examples/httpget/src/httpget.c:194: warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
使用gethostbyname()时程序会出现段错误(但不是这样)
尝试混合静态和动态也不起作用。
$ gcc -o httpget -Wl,-Bstatic ../obj/httpget.o ../../../lib/libribs2_ssl.a -Wl,-Bdynamic -lssl -lcrypto
/usr/bin/ld: ../../../lib/libribs2_ssl.a(context_asm.o): relocation R_X86_64_32S against symbol `current_ctx' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Nonrepresentable section on output
collect2: error: ld returned 1 exit status
有什么想法吗?链接到项目:https://github.com/niryeffet/ribs2
答案 0 :(得分:3)
感谢来自@Jester的提示:向LDFLAGS添加-no-pie(不是-fno-PIE)解决了这个问题。
gcc -no-pie -o httpget ../obj/httpget.o ../../../lib/libribs2_ssl.a -lssl -lcrypto
此更改也适用于gcc 5.4。似乎默认情况已经改变。
<强>更新
这解释了它。来自https://wiki.ubuntu.com/SecurityTeam/PIE
在Ubuntu 16.10中,作为额外的编译器强化措施,我们已经完成了 默认情况下,在amd64和ppc64le上启用PIE和立即绑定。 这极大地提高了ASLR在这些平台上的有效性。