SA does not work if executable is DSO

[Yasumasa Suenaga]

Hi Andrew,

You can build PIE binaries with files which are provided by redhat-rpm-config as below:

```
$ bash configure --with-native-debug-symbols=internal --enable-debug --disable-warnings-as-errors --disable-hotspot-gtest --with-extra-cflags=-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 --with-extra-cxxflags=-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 --with-extra-ldflags=-specs=/usr/lib/rpm/redhat/redhat-hardened-ld
$ make images
```

If you use OpenJDK 8 in Fedora 25, you can reproduce as below:

1. Run Java App with OpenJDK
      I use java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64

2. Collect core images via gcore
      $ gcore <PID>

3. Run jstack with LIBSAPROC_DEBUG
```
$ LIBSAPROC_DEBUG=1 jstack /usr/lib/jvm/java-1.8.0-open
jdk-1.8.0.121-1.b14.fc25.x86_64/bin/java core.1031
Attaching to core core.1031 from executable /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-1.b14.fc25.x86_64/bin/java, please wait...
libsaproc DEBUG: executable file is not a valid ELF ET_EXEC file
Error attaching to core file: Can't attach to the core file
sun.jvm.hotspot.debugger.DebuggerException: Can't attach to the core file
         at sun.jvm.hotspot.debugger.linux.LinuxDebuggerLocal.attach0(Native Method)
            :
```


Thanks,

Yasumasa


On 2017/02/07 19:14, Andrew Haley wrote:
> On 05/02/17 14:25, Yasumasa Suenaga wrote:
>
>> In modern Linux e.g. Fedora 25, executables are built as DSO for security [1].
>> java command in OpenJDK which is provided by distribution is also DSO.
>> However, SA does not work with DSO executables.
>>
>> I want to propose the fix as below.
>
> Please explain what steps are needed to reproduce this problem.  What
> commands did you use?
>
> Thanks,
>
> Andrew.
>
>