Executables vs Shared objects
Solution 1:
Tl;dr
There's no difference, aside from the fact that a compiled executable might be linked against a shared object but not against an executable.
In general, there are two ways to compile1 an executable:
- Using static linking: external libraries included in the source code are compiled and the compiled library (or object in the linker's perspective) is added to the executable itself;
- Using dynamic linking: external libraries included in the source code are compiled but a link to the compiled library (or object in the linker's perspective) is added to the executable (and the compiled libraries / objects are loaded by the linker at run-time if needed);
There are advantages / disadvantages in using each of these methods, but that's not the point of the question;
-
/bin/ntfsck
and/usr/bin/gawk
are shared objects: this means that an executable might be compiled and then linked against them to use their functionalities; -
/bin/echo
is an executable: this means that an executable might not be compiled and then linked against it to use its functionalities;
So /bin/ntfsck
and /usr/bin/gawk
are technically compiled libraries (or objects in the linker's perspective), but, as one may have forsaw, nothing prevents a shared object from being run as an executable.
On a side note, notice also that file
reports (for each of them):
dynamically linked (uses shared libs)
This means that each of them is dynamically linked to (and likely uses) other shared objects as well.
1. "Compile" intended in its broader acceptation, which includes preprocessing, compilation and linking.
Solution 2:
Another difference is that executables have a defined entry point address offset, i.e., 0x08048000 for i386, 0x00400000 for x86 and 0x00010000 for arm.
A shared object file can be a library, but also an executable. When being an executable, there is no such offset. A shared object executable, so to say, is a positional independent executable (PIE) using address space layout randomization (ASLR). Thus, when looking at its /proc/pid/maps file, you will notice that the location of the loaded segments vary in each execution in contrast to standard executables.
The idea behind this feature is to add security to executables by hindering attackers from performing return-oriented programmings attacks. Many maintainers decided to build packages with PIE enabled as the default, e.g., since Fedora 23 or with Ubuntu 17.10.