Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Position-independent code
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== {{Anchor|PIE}}Position-independent executables == {{See also|Address space layout randomization}} ''Position-independent executables'' (PIE) are executable binaries made entirely from position-independent code. While some systems only run PIC executables, there are other reasons they are used. PIE binaries are used in some [[Security-focused operating system|security-focused]] [[Linux]] distributions to allow [[PaX]] or [[Exec Shield]] to use [[address space layout randomization]] (ASLR) to prevent attackers from knowing where existing executable code is during a security attack using [[security exploit|exploits]] that rely on knowing the offset of the executable code in the binary, such as [[return-to-libc attack]]s. (The official Linux kernel since 2.6.12 of 2005 has a weaker ASLR that also works with PIE. It is weak in that randomness is applied to whole ELF file units.)<ref>{{cite web |last1=Lettieri |first1=G |title=Address Space Layout Randomization |url=https://lettieri.iet.unipi.it/hacking/aslr-pie.pdf}}</ref> Apple's [[macOS]] and [[iOS]] fully support PIE executables as of versions 10.7 and 4.3, respectively; a warning is issued when non-PIE iOS executables are submitted for approval to Apple's App Store but there's no hard requirement yet {{when|date=July 2020}} and non-PIE applications are not rejected.<ref name="Non-PIE"/><ref name="iOS"/> [[OpenBSD]] has PIE enabled by default on most architectures since OpenBSD 5.3, released on 1 May 2013.<ref name="OpenBSD_2013"/> Support for PIE in [[statically linked]] binaries, such as the executables in <code>[[/bin]]</code> and <code>/sbin</code> directories, was added near the end of 2014.<ref name="Fedora_2014"/> openSUSE added PIE as a default in 2015-02. Beginning with [[Fedora (operating system)|Fedora]] 23, Fedora maintainers decided to build packages with PIE enabled as the default.<ref name="Fedora"/> [[Ubuntu (operating system)|Ubuntu]] [[Ubuntu version history#Ubuntu 17.10 (Artful Aardvark)|17.10]] has PIE enabled by default across all architectures.<ref name="Ubuntu"/> [[Gentoo Linux|Gentoo]]'s new profiles now support PIE by default.<ref name="gentoo-pie"/> Around July 2017, [[Debian]] enabled PIE by default.<ref name="Liang_2017"/> [[Android (operating system)|Android]] enabled support for PIEs in [[Android Jelly Bean|Jelly Bean]]<ref name="Android_1-4"/> and removed non-PIE linker support in [[Android Lollipop|Lollipop]].<ref name="Android_5"/>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)