Date: Sun, 16 Feb 2014 11:54:59 -0800
From: Nick Kralevich <nnk@...gle.com>
To: oss-security@...ts.openwall.com
Cc: "CERT(R) Coordination Center" <cert@...t.org>
Subject: Re: Vendor adoption of PIE INFO#934476 oss-security

On Sun, Feb 16, 2014 at 6:28 AM, Stuart Henderson <stu@...cehopper.org> wrote:
>
> Everything else, base system and ports, is built with PIE.
> On the whole, experiences have been pretty good. Obviously there is
> some performance impact but we haven't yet had any reports of this
> causing major problems (though we will probably know more about this
> after 5.5 is released when the average user will first see i386
> packages built with PIE by default).
>

On Android, third party applications have always been compiled with
-fPIC, ever since the initial release of Android. As mentioned earlier
in this thread, the performance impacts of PIC and PIE are similar.

Starting in Android 4.1, all dynamically linked ARM [1] and x86 [2]
executables are compiled with PIE. Compiling with PIE on MIPS was added
in Android 4.3 [3]. Statically linked executables with PIE are not
supported today [4], although I'd love to see it in the future.

I have yet to hear any complaint, on x86 or ARM, about any real world
performance impact of PIE on Android, even though the code has been
live and in users' hands for almost 2 years.

[1] https://android.googlesource.com/platform/build/+/026a85b129e4540a4d8d40aace47aa0c69f609da
[2] https://android.googlesource.com/platform/build/+/d9d2e7a42c18a997ae47e4174713b5e2942044b5
[3] https://android.googlesource.com/platform/build/+/f1e4df72651f38208f209f8c60ee18213a38d21d
[4] http://comments.gmane.org/gmane.comp.gnu.binutils/56324

--
Nick Kralevich | Android Security | nnk@...gle.com | 650.214.4037