Position-Independent Executable (PIE) is a security feature that allows executables to be loaded at random memory addresses, enhancing security against certain types of attacks like buffer overflows. Non-PIE executables, on the other hand, are loaded at fixed addresses. This tutorial explains how to check if an executable is position-independent on Linux.
The readelf command, which is part of the Binutils package, can inspect an ELF (Executable and Linkable Format) file and determine whether it is a standard executable (EXEC) or a position-independent executable (DYN). The -h option of readelf displays the ELF file header, which contains important metadata about the executable, including its type.
For example:
readelf -h /bin/busybox | awk -F': *' '/Type/{print $2}'Output:
EXEC (Executable file)This output indicates that /bin/busybox is not position-independent.
For example:
readelf -h /usr/bin/mkdir | awk -F': *' '/Type/{print $2}'Output:
DYN (Position-Independent Executable file)Since the output is DYN, this confirms that /usr/bin/mkdir is a position-independent.
Leave a Comment
Cancel reply