[vbox-dev] Virtualbox compiled as PIE/PIC
Dariem Pérez Herrera
dariemp at uci.cu
Mon Feb 22 01:57:47 PST 2010
El 21/02/10 14:05, Knut St. Osmundsen escribió:
> On Feb 21, 2010, at 2:52 AM, Dariem Pérez Herrera wrote:
>> This is a patch I made trying to solve an issue presented in Gentoo Hardened project. VirtualBox doesn't compile with gcc if PIC/PIE related options are activated. The problem is related to inline asm code trying to use ebx register for passing arguments, but PIC/PIE systems reserve this register for specific functions, so special treatment is required when PIC/PIE is defined (gcc refuses to compile such a code if you don't do it). This may need extensive testing, but it seems to work fine. Please, let me know any problem you encounter. The patch is under MIT license.
> Since etherboot ROM code that belongs to the guest side of the operation, I don't think it should be necessary to make it build in PIC or PIE mode. A better fix would be to disable the PIC/PIE options in the makefile.
But... what if someone consider important to have VirtualBox compiled
with PIE/PIC? What if someone doesn't want his/her network capable
virtual machine (with its vboxnetflt.ko inserted into the kernel) be
without this mitigation technique activated? Would you take away from
him/her this possibility? I'm just asking...
More information about the vbox-dev