<br><br><div class="gmail_quote">On Fri, Dec 9, 2011 at 11:24 AM, Eric Christopher <span dir="ltr"><<a href="mailto:echristo@apple.com">echristo@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><br><div><div class="im"><div>On Dec 9, 2011, at 11:23 AM, Kostya Serebryany wrote:</div><br><blockquote type="cite"><br><br><div class="gmail_quote">On Fri, Dec 9, 2011 at 11:16 AM, Eric Christopher <span dir="ltr"><<a href="mailto:echristo@apple.com" target="_blank">echristo@apple.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><br>
On Dec 9, 2011, at 11:12 AM, Kostya Serebryany wrote:<br>
<br>
> Yes, we have no ASRL with -no_pie.<br>
> Can we disable ASRL even with -pie?<br>
> On linux we can do it with "setarch x86_64 -R".<br>
><br>
<br>
</div>You asked about link time. Now it sounds like you're talking about runtime?<br></blockquote><div><br></div><div>Link time is of course better. </div><div>But if there is a syscall (like the one used by setarch) we could call it and reexec. </div>
<div>Using setenv("DYLD_NO_PIE")+reexec looks gross to me. </div><div> </div></div></blockquote><div><br></div></div><div>Not sure honestly.</div></div></div></blockquote><div><br></div><div>Thanks. If anyone knows, please jump in. </div>
<div><br></div><div>As for the patch, I really don't like </div><div> 1. 3 different cases for 3 different flavors of MacOS. How are we goring to support it? </div><div> 2. doing setenv+reexec. This will be a debugging nightmare for us and for users. </div>
<div> </div><div>I would prefer just to print a descriptive warning message and exit: </div><div> ==123== ERROR: AddressSanitizer on MacOS requires to disable ASRL for the executable. </div><div> ==123== ERROR: You can do it this way: </div>
<div> ==123== ERROR: <how to disable ASLR></div><div> ==123== ABORTING</div><div><br></div><div>--kcc </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><div><div class="im"><br><blockquote type="cite"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><br>
> Another question: if asan would require -no_pie on Mac, will this be a serious limitation?<br>
><br>
<br>
</div>If asan required no pie on Linux, would it be a serious limitation?<br></blockquote><div><br></div><div>For Linux, I don't think this will be too bad, but may cause some users a bit of pain to rework their build files.</div>
<div>Luckily, asan and -pie work together on Linux quite well. </div><div>I don't know how important is "-pie" on Mac. </div></div></blockquote></div></div><br><div>Just as important as it is on Linux.</div>
<span class="HOEnZb"><font color="#888888"><div><br></div><div>-eric</div></font></span></div>
</blockquote></div><br>