[arch-general] ASLR and PIE wider adoption.

Lukáš Jirkovský l.jirkovsky at gmail.com
Mon Apr 16 05:58:36 EDT 2012


On 16 April 2012 11:39, Kevin Chadwick <ma1l1ists at yahoo.co.uk> wrote:
>
> With more and more distros and even android employing gccs -fpie for
> building packages, should Arch consider enabling it.
>
> For my users it would mean less programs being killed by the
> grsecurity kernel due to text relocation attempts. No complaints yet as
> I have a sandboxed flash browser but eventually there may be one about
> x264/mp4.
>
> For everyone else it would mean a more secure system due to better use
> of ASLR.
>
> Are complications like static binaries an issue arch simply hasn't the
> time to deal with (does gcc work around them automatically now?) and do
> users care more about adding upto a few seconds to the start up time of
> some programs on x86 over security?

I'm against using PIC for executables, since it hursts speed
(especially on 32bit).

Lukas


More information about the arch-general mailing list