[arch-general] ASLR and PIE wider adoption.

Allan McRae allan at archlinux.org
Mon Apr 16 18:49:21 EDT 2012


On 17/04/12 00:37, Kevin Chadwick wrote:
> On Mon, 16 Apr 2012 11:58:36 +0200
> Lukáš Jirkovský wrote:
> 
>> (especially on 32bit).
> 
> 
> Slightly on 32bit and almost no difference on 64bit. OpenBSD uses PIEs
> everywhere and my x86 users say everythings much quicker than Windows.
> 

Care to define "slightly"...   I looked into this when we added some
hardening to our default CFLAGS and the benchmarks I found indicated
that adding PIE to 32bit added a 5-10% performance hit.

My suggestion would be for maintainers of various applications that
warrant this security (openssh, apache, samba, firefox...) to manually
enable it.  We could make PIE the default for x86_64.

Allan



More information about the arch-general mailing list