Date: Fri, 5 Dec 2014 20:59:16 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Offset2lib: bypassing full ASLR on 64bit Linux Okay, I'm surprised to see that while everyone seems to claim performance reasons are why we don't use fpic/pie by default I can't find anyone actually benchmarking it. *disclaimer: benchmarking is tricky business, I don't know if I messed something up. If you feel this is a completely wrong way to benchmark this I'm open to suggestions. * I decided a reasonable target would be a static compile of ffmpeg, because it does some complicated stuff. I compiled two copies mostly identical with the difference that for one I passed CFLAGS="-O2" LDFLAGS="" while for the other I passed CFLAGS="-O2 -fpic" LDFLAGS="-pie". I then converted a h264 video to mpeg4. This is what I got: no pie/pic: 14.664, 14.606, 14.685, 14.719, 14.69, average: 14.6728 pie/pic: 14.776, 14.951, 14.947, 14.798, 14.898, average: 14.874 So it seems the difference is at least measurable (around 1,4%) but not big. I haven't benchmarked with the patches Florian referred to, they involve patching gold and gcc (the above is done with classic ld). -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.