[arch-general] ASLR and PIE wider adoption.
Leonid Isaev
lisaev at umail.iu.edu
Tue Apr 17 11:17:43 EDT 2012
On Tue, 17 Apr 2012 08:49:21 +1000
Allan McRae <allan at archlinux.org> wrote:
> On 17/04/12 00:37, Kevin Chadwick wrote:
> > On Mon, 16 Apr 2012 11:58:36 +0200
> > Lukáš Jirkovský wrote:
> >
> >> (especially on 32bit).
> >
> >
> > Slightly on 32bit and almost no difference on 64bit. OpenBSD uses PIEs
> > everywhere and my x86 users say everythings much quicker than Windows.
> >
>
> Care to define "slightly"... I looked into this when we added some
> hardening to our default CFLAGS and the benchmarks I found indicated
> that adding PIE to 32bit added a 5-10% performance hit.
>
> My suggestion would be for maintainers of various applications that
> warrant this security (openssh, apache, samba, firefox...) to manually
> enable it. We could make PIE the default for x86_64.
>
> Allan
>
+1 for the default -fPIE on 64bit. Probably LDFLAGS will also have to
be appended with -z,now like they do in ubuntu...
--
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20120417/5bcdab23/attachment.asc>
More information about the arch-general
mailing list