os x: re-enable PIE (ASLR) #6466
Comments
bnoordhuis
added
c++
This is a follow-up to commit a5012a0 ("build: unbreak -prof, disable
PIE on OS X") that disabled PIE (and therefore ASLR) completely on OS X.
We now scan the command line options and re-exec the process with the
_POSIX_SPAWN_DISABLE_ASLR flag set when `-prof` is specified.
The options parser is smart enough to understand any combination of
`-prof` and `-noprof`, including alternative spellings like `--no_prof`.
Fixes: nodejs#6466
|
@bnoordhuis I wonder how lldb starts the process in such way that it is still able to resolve symbols. |
|
@indutny In exactly the same way as the PR. :-) |
|
While this is simple enough, lldb also works when attaching to existing process. I wonder if the image ranges reported by |
|
I've been investigating that but it's not exactly trivial: we'd first need to teach the profiler about the VM slide for each shared object and every third-party profiling tool would have to duplicate the effort. |
|
@bnoordhuis the reason why I ask this, is that with your patch one won't be able to start the profiler at runtime, and this is certainly desirable in some environments. If the tooling needs to break, then we probably need to keep it Will open an alternative PR in a bit. |
|
Here is my proposal: #6475 |
|
It seems that #6475 works too, so we have to decide what is the best for us. Would love to hear @nodejs/ctc opinion on this. |
|
@indutny ... to be honest, I'd trust you and @bnoordhuis most to make the decision on this. Whichever approach you each feel is right, works for me. |
|
@bnoordhuis how do you feel about Sumo fight? |
When exporting `shared-library` in profile log, additionally export a slide offset. This is required to parse profile logs generated on systems with ASLR (OS X), otherwise it is impossible to assign C++ symbol names to their addresses in the log. See: nodejs/node#6466 BUG= Review-Url: https://codereview.chromium.org/1934453003 Cr-Commit-Position: refs/heads/master@{#35921}
Original commit message:
[prof] export slide offset in profile log
When exporting `shared-library` in profile log, additionally export a
slide offset. This is required to parse profile logs generated on
systems with ASLR (OS X), otherwise it is impossible to assign C++
symbol names to their addresses in the log.
See: nodejs#6466
BUG=
Review-Url: https://codereview.chromium.org/1934453003
Cr-Commit-Position: refs/heads/master@{nodejs#35921}
|
@indutny @bnoordhuis ... ping |
|
pong |
|
This PR can be closed (and that's what I'll do.) I'll post a follow-up question in #6558. |
Commit a5012a0 disables PIE (and therefore ASLR) on OS X because it breaks profiling of C++ code. Ideally, we'd figure out a way to keep it turned on except when
-profis specified on the command line.I believe the only way to do that (except for having two separate binaries, which I don't think we want) is to re-exec the process with the
_POSIX_SPAWN_DISABLE_ASLR(256) flag set. The flag is ignored for setuid/setgid binaries so in that respect-Wl,-no_pieis superior.The text was updated successfully, but these errors were encountered: