Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 27 Apr 2013 02:14:05 +0800
From: Pavel Labushev <pavel.labushev@...box.no>
To: owl-dev@...ts.openwall.com
Subject: Re: PIE on x86_64

On Fri, 12 Apr 2013 22:26:58 +0400
Solar Designer <solar@...nwall.com> wrote:

> > What are your reasons not to link executables as ET_DYN, even though
> > the target CPU architecture is PC-relative?
> 
> I think we should start doing that, and benchmark to make sure there's
> no unexpected performance drop.  Vasily?

And silence was the answer... Is it too much work? You could make -fpie
and the other hardening flags compiler's built-in defaults, like it is
done in Hardened Gentoo. It may be simpler and more robust than
tweaking specs of every package and would set more secure defaults for
anything that users might compile.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ