Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-8336] iOS: Feature request to enable fPIE command line option in iOS app build

GitHub Issuen/a
TypeNew Feature
PriorityMedium
StatusClosed
ResolutionInvalid
Resolution Date2012-07-11T09:22:05.000+0000
Affected Version/sRelease 2.0.0
Fix Version/sn/a
ComponentsiOS
LabelsSupportTeam, core
ReporterVarun Joshi
AssigneeStephen Tramer
Created2012-03-27T14:41:03.000+0000
Updated2017-03-23T21:40:06.000+0000

Description

A new feature has been requested to be added to the iOS app binary, that improves the code security. It utilizes the ASLR (address space layout randomization) that Apple has introduced as an important security feature in the latest version of the iPhone's software (4.3+). The PIE can be enabled when compiling by command line with option -fPIE. Essentially, we need to be able to compile with the command line option -fPIE. This article explains more about the address space randomization and how iPhone utilizes it: http://money.cnn.com/2011/08/04/technology/iphone_hack/index.htm

Comments

  1. Max Stepanov 2012-07-05

    All applications compiled for iOS 4.3+ have -fPIE option on by default. The reason that the resulting binary is not PIE (and thus partially utilizes ASLR) is that all object files should be compiled with PIC (Position Independent Code) option. This includes any external static libraries, JSCore runtime, modules etc. If any of the object files is not PIC, the whole application binary will not be PIE.
  2. Max Stepanov 2012-07-05

    How to detect if an application binary compiled as PIE: 
       otool -hv <app_binary> |grep PIE
  3. Stephen Tramer 2012-07-10

    This ticket can be resolved by taking advantage of the new <min-ios-ver> setting in tiapp.xml by bumping it to 4.3 or higher. Only these versions of iOS support PIC/PIE. If running with various internal modules continues to keep executables produced by Titanium at PIE for versions 4.3+, will resolve as INVALID.
  4. Stephen Tramer 2012-07-10

    It is also worth noting that armv6 does not appear to support PIE. Only armv7 devices will support it.
  5. Stephen Tramer 2012-07-10

    Not necessary. All libraries and Titanium apps compile as PIC but the minimum iOS version must be set to at least 4.3. Use the feature described in TIMOB-2999 which is available in 2.2.0 CI as of now.
  6. Lee Morris 2017-03-23

    Closing ticket as invalid with reference to the previous comments.

JSON Source