On Tue, 17 Apr 2012 08:49:21 +1000 Allan McRae <allan@archlinux.org> wrote:
On 17/04/12 00:37, Kevin Chadwick wrote:
On Mon, 16 Apr 2012 11:58:36 +0200 Lukáš Jirkovský wrote:
(especially on 32bit).
Slightly on 32bit and almost no difference on 64bit. OpenBSD uses PIEs everywhere and my x86 users say everythings much quicker than Windows.
Care to define "slightly"... I looked into this when we added some hardening to our default CFLAGS and the benchmarks I found indicated that adding PIE to 32bit added a 5-10% performance hit.
My suggestion would be for maintainers of various applications that warrant this security (openssh, apache, samba, firefox...) to manually enable it. We could make PIE the default for x86_64.
Allan
+1 for the default -fPIE on 64bit. Probably LDFLAGS will also have to be appended with -z,now like they do in ubuntu... -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D