creating Linux "portable" x64 binary

creating Linux "portable" x64 binary

Juan Isoza


Hello,
I want to create, for one of my applications, a Linux binary which runs on all current Linux systems running an x86_64 processor.

For example, I use -static-libgcc -static-libstdc++ when I link my app, because I'm not sure of finding a recent version of this lib.
I also use -lrt to prevent searching for some time functions added in recent GLIBC.

With openssl 1.1.0, I had no problem related to openssl.

With openssl 1.1.1, some modern functions are looked up at compile time on a recent library.

So, I just ran these commands:
sed -i -e 's/__ELF__/__ELF_and_sure_modern__/g' ./crypto/rand/rand_unix.c
sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/rand/rand_unix.c
sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/getenv.c
sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/crypto.c
sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/uid.c

With this modification, I'm sure that the check for the modern API fails, and I use the previous API (as if I compiled on the oldest Linux).

I suggest offering an option to not try using these modern GLIBC_PREREQ, or perhaps to use dl (when openssl is compiled to use dl).

regards!
Re: creating Linux "portable" x64 binary

Paul Zillmann
Hello Juan,

Unfortunately, it is not possible to statically link glibc.
You can try statically linking another libc like musl-libc [1].

Should there be any problems compiling OpenSSL with musl-libc, take a
look at the packages from Alpine Linux [2], they are using musl as their
standard libc.
You should get portable POSIX Linux ELF64 executables out of this process.

1: https://www.musl-libc.org/how.html
2: https://git.alpinelinux.org/aports/tree/main/openssl/APKBUILD

- Paul

On 22.02.19 at 11:28, Juan Isoza wrote:

>
>
> Hello,
> I want to create, for one of my applications, a Linux binary which runs on
> all current Linux systems running an x86_64 processor.
>
> For example, I use -static-libgcc -static-libstdc++ when I link my app,
> because I'm not sure of finding a recent version of this lib.
> I also use -lrt to prevent searching for some time functions added in recent GLIBC.
>
> With openssl 1.1.0, I had no problem related to openssl.
>
> With openssl 1.1.1, some modern functions are looked up at compile time
> on a recent library.
>
> So, I just ran these commands:
> sed -i -e 's/__ELF__/__ELF_and_sure_modern__/g' ./crypto/rand/rand_unix.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/rand/rand_unix.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/getenv.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/crypto.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/uid.c
>
> With this modification, I'm sure that the check for the modern API fails, and
> I use the previous API (as if I compiled on the oldest Linux).
>
> I suggest offering an option to not try using these modern
> GLIBC_PREREQ, or perhaps to use dl (when openssl is compiled to use dl).
>
> regards!

Re: creating Linux "portable" x64 binary

Hubert Kario
On Friday, 22 February 2019 11:28:33 CET Juan Isoza wrote:

> Hello,
> I want to create, for one of my applications, a Linux binary which runs on all
> current Linux systems running an x86_64 processor.
>
> For example, I use -static-libgcc -static-libstdc++ when I link my app,
> because I'm not sure of finding a recent version of this lib.
> I also use -lrt to prevent searching for some time functions added in recent GLIBC.
>
> With openssl 1.1.0, I had no problem related to openssl.
>
> With openssl 1.1.1, some modern functions are looked up at compile time on
> a recent library.
>
> So, I just ran these commands:
> sed -i -e 's/__ELF__/__ELF_and_sure_modern__/g' ./crypto/rand/rand_unix.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/rand/rand_unix.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/getenv.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/crypto.c
> sed -i -e 's/__GLIBC_PREREQ/__GLIBC__not_use_PREREQ/g' ./crypto/uid.c
>
> With this modification, I'm sure that the check for the modern API fails, and I
> use the previous API (as if I compiled on the oldest Linux).
>
> I suggest offering an option to not try using these modern GLIBC_PREREQ,
> or perhaps to use dl (when openssl is compiled to use dl).

compile it on the oldest system that you wish to target

glibc is backwards compatible so new versions of it will work with binaries
compiled with old versions

forward compatibility (compiling with new glibc and running with old library)
is not supported, and even if it may appear to work initially, it's not
something that is generally supported and in practice very hard to support and
may lead to hard to detect vulnerabilities.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

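A way to check the outcome of either approach discussed in this thread, as an added example that is not part of any post: the script reads a dynamic symbol listing and reports the newest glibc symbol version the binary requires, then compares it with the glibc of the oldest system to be supported. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find the newest glibc symbol version a
# binary needs and compare it with the oldest glibc that must be supported.

# Read "readelf -W --dyn-syms" or "objdump -T" text on stdin; print the highest
# GLIBC_x.y[.z] version referenced (e.g. "2.25"), or nothing if there is none.
max_glibc_required() {
    awk '{ line = $0
           while (match(line, /GLIBC_[0-9]+\.[0-9]+(\.[0-9]+)?/)) {
               v = substr(line, RSTART + 6, RLENGTH - 6)
               split(v, p, ".")
               key = p[1] * 1000000 + p[2] * 1000 + p[3]
               if (key > best) { best = key; ver = v }
               line = substr(line, RSTART + RLENGTH)
           } }
         END { if (ver != "") print ver }'
}

# Succeed when version $1 <= version $2 (numeric compare per component).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0 }'
}

# $1 = glibc version of the oldest target system; symbol table on stdin.
check_baseline() {
    need=$(max_glibc_required)
    [ -n "$need" ] || { echo "ok: no versioned glibc symbols"; return 0; }
    if version_le "$need" "$1"; then
        echo "ok: needs GLIBC_$need, baseline $1"
    else
        echo "too-new: needs GLIBC_$need, baseline $1"; return 1
    fi
}

# Constructed sample in readelf --dyn-syms layout (not from a real build).
sample_symbols() {
    cat <<'EOF'
 1: 0000000000000000  0 FUNC GLOBAL DEFAULT UND fopen@GLIBC_2.2.5 (2)
 2: 0000000000000000  0 FUNC GLOBAL DEFAULT UND clock_gettime@GLIBC_2.17 (3)
 3: 0000000000000000  0 FUNC GLOBAL DEFAULT UND getrandom@GLIBC_2.25 (4)
EOF
}

sample_symbols | check_baseline 2.17 || true
```

On a real build, pipe `readelf -W --dyn-syms ./yourbinary` into `check_baseline` with the glibc version of the oldest distribution you intend to support.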