Newest at the top
| 2024-05-02 18:32:48 +0200 | <tomsmeding> | the answer seems to be, nothing is set up for that so you're on your own? |
| 2024-05-02 18:32:24 +0200 | <tomsmeding> | hseg's question now is "even if I link statically, can I at least get the security benefits of PIE" |
| 2024-05-02 18:32:19 +0200 | <int-e> | <s>Ask me about Arch</s> |
| 2024-05-02 18:32:10 +0200 | <tomsmeding> | we've gone over that :) |
| 2024-05-02 18:31:59 +0200 | <int-e> | The reason why Haskell libraries are generally linked statically is that there's no ABI compatibility between recompiled versions of the same library. |
| 2024-05-02 18:31:55 +0200 | <tomsmeding> | but yeah sorry, I thought I knew enough to help but I don't |
| 2024-05-02 18:31:14 +0200 | <int-e> | hseg: I'm on my own tangent which may or may not intersect with yours, sorry. |
| 2024-05-02 18:31:06 +0200 | <hseg> | ah |
| 2024-05-02 18:30:51 +0200 | <tomsmeding> | int-e was referring to the -fPIE note |
| 2024-05-02 18:30:34 +0200 | <hseg> | I'm confused -- why is it linking statically? |
| 2024-05-02 18:30:31 +0200 | tomsmeding | gives up |
| 2024-05-02 18:30:19 +0200 | califax | (~califax@user/califx) (Remote host closed the connection) |
| 2024-05-02 18:29:56 +0200 | <tomsmeding> | I see |
| 2024-05-02 18:29:40 +0200 | <int-e> | That's when trying to link statically; with -dynamic -pie I get a PIE executable that's dynamically linked. (Just a simple hello world, no `cabal` involved) |
| 2024-05-02 18:28:43 +0200 | euleritian | (~euleritia@dynamic-176-001-008-240.176.1.pool.telefonica.de) |
| 2024-05-02 18:28:30 +0200 | noumenon | (~noumenon@113.51-175-156.customer.lyse.net) (Read error: Connection reset by peer) |
| 2024-05-02 18:27:41 +0200 | <hseg> | https://0x0.st/XX23.txt |
| 2024-05-02 18:27:17 +0200 | euleritian | (~euleritia@dynamic-176-001-008-240.176.1.pool.telefonica.de) (Read error: Connection reset by peer) |
| 2024-05-02 18:27:17 +0200 | <int-e> | And the trouble you'll run into is that the base libraries won't be compiled with the requisite -fPIE flag. |
| 2024-05-02 18:25:15 +0200 | euleritian | (~euleritia@dynamic-176-001-008-240.176.1.pool.telefonica.de) |
| 2024-05-02 18:25:14 +0200 | <tomsmeding> | I added a non-boot dependency to be sure that that works too, in principle |
| 2024-05-02 18:25:01 +0200 | <tomsmeding> | I can compile an executable that gives the aforementioned string in file(1) output with just `-pie -dynamic`, nothing else |
| 2024-05-02 18:24:54 +0200 | <hseg> | tried --ghc-options='-pie -fPIE', didn't work |
| 2024-05-02 18:24:31 +0200 | <int-e> | s/--enable-shared/-fPIE/ I think (different from -pie, you need that for linking) |
| 2024-05-02 18:24:29 +0200 | euleritian | (~euleritia@ip4d16fc38.dynamic.kabel-deutschland.de) (Ping timeout: 240 seconds) |
| 2024-05-02 18:23:50 +0200 | <hseg> | testing... |
| 2024-05-02 18:23:35 +0200 | <tomsmeding> | don't even need the --enable-shared |
| 2024-05-02 18:23:11 +0200 | <tomsmeding> | try cabal configure --enable-shared --ghc-options='-pie -dynamic' |
| 2024-05-02 18:23:01 +0200 | <tomsmeding> | hseg: is 'ELF 64-bit LSB pie executable' in file(1) output what you're looking for? |
| 2024-05-02 18:19:19 +0200 | chele | (~chele@user/chele) (Remote host closed the connection) |
| 2024-05-02 18:19:15 +0200 | yin | (~yin@user/zero) |
| 2024-05-02 18:19:07 +0200 | <hseg> | in any case, that does put pie and relro back on the table for me |
| 2024-05-02 18:17:50 +0200 | machinedgod | (~machinedg@d173-183-246-216.abhsia.telus.net) (Ping timeout: 245 seconds) |
| 2024-05-02 18:17:03 +0200 | <hseg> | have they given up on ASLR for haskell? |
| 2024-05-02 18:16:54 +0200 | <hseg> | on dynamic linking, yes |
| 2024-05-02 18:15:49 +0200 | <tomsmeding> | debian has given up on that for haskell apparently https://wiki.debian.org/StaticLinking#Haskell |
| 2024-05-02 18:14:54 +0200 | <hseg> | nope -- PIC is for libraries, PIE is for executables AFAIK |
| 2024-05-02 18:14:51 +0200 | <tomsmeding> | despite the NOINLINE on foo in the source |
| 2024-05-02 18:14:42 +0200 | <tomsmeding> | about worker-wrapper, by the way: here https://play.haskell.org/saved/yjnPTDnN if you click on "Core" you see 'foo' at the bottom with annotations that say that it can be inlined; the NOINLINE is on M.$wfoo right above |
| 2024-05-02 18:14:26 +0200 | califax | (~califax@user/califx) |
| 2024-05-02 18:13:54 +0200 | <tomsmeding> | isn't an executable already PIE if it's dynamically linking against stuff? |
| 2024-05-02 18:13:22 +0200 | <hseg> | (and relro, but that's a separate thing) |
| 2024-05-02 18:13:08 +0200 | <hseg> | right, but that means that even statically-linked haskell should benefit from -pie |
| 2024-05-02 18:12:48 +0200 | <tomsmeding> | haskell executables do link dynamically against C libraries though |
| 2024-05-02 18:12:41 +0200 | <EvanR> | randomly clicking utf8-string on that page makes me think there should be a note about how Text is utf8 now |
| 2024-05-02 18:12:30 +0200 | <tomsmeding> | I guess? I don't know too much about this |
| 2024-05-02 18:12:20 +0200 | <hseg> | after all, it enables ASLR |
| 2024-05-02 18:12:06 +0200 | <hseg> | wait, isn't *PIC* for dynamic libraries, but *PIE* for any executable? |
| 2024-05-02 18:11:32 +0200 | <tomsmeding> | (random page with the name on it) |
| 2024-05-02 18:11:23 +0200 | <tomsmeding> | EvanR: makes me think of this guy's name https://hackage.haskell.org/user/IanLynagh |