Everybody likes PIE, Except the Bad Guys
Today’s entry comes a bit late in the day. I’ll continue to blame it on holiday festivities until someone calls my bluff. Speaking of holidays (and eating), our next speaker really likes PIE. This isn’t your typical pie though; Position Independent Executables (PIE) are executable binaries made entirely from position-independent code. Kurt Miller will discuss his work on adding this functionality to OpenBSD.
OpenBSD has randomized the load addresses of shared libraries for many years. This helps prevent attacks that are described as return-to-libc attacks. However, programs are linked at fixed addresses, which provides some optimizations for executables over shared libs. When a program is compiled and linked to be position independent (e.g. Position Independent Executable/PIE), some of those optimizations are waived for the ability to load the program at a random address. In this session, I will discuss OpenBSD’s PIE implementation, its impact on existing security mechanisms such as W^X on i386, and the various enhancements needed to the runtime linker, kernel and other system libs.
Kurt presented this talk at NYCBSDCon last year and it was very well received. Many of us get to take for granted much of his work on features like PIE and as maintainer of the OpenBSD JDK ports. Come join us for DCBSDCon and buy Kurt a pint in appreciation. See you there!