1 |
On 27/02/2011 08:20, klondike wrote: |
2 |
> 2011/2/27 Ed W<lists@××××××××××.com>: |
3 |
>> On 26/02/2011 18:01, Magnus Granberg wrote: |
4 |
>>> If you have read the last meeting we will be removing the pic use flag as |
5 |
>>> default on in the hardened amd64 profile. We will start with the changes |
6 |
>>> when |
7 |
>>> the new structure to the profiles have settled down. |
8 |
>> Hi, any chance of a bit of background on this change? ie the "why" and some |
9 |
>> of the implications? |
10 |
> Summing it up a lot, amd64 usually needs not special asm code for PIC |
11 |
> due to the way the ABI is defined (which means being PIC by default |
12 |
> usually). |
13 |
> |
14 |
> That's not always the case, i.e. aircrack needed special PIC code, but |
15 |
> in general it shouldn't be a problem. |
16 |
> |
17 |
|
18 |
Sorry to probe further, but I'm not getting the big picture (durr) |
19 |
|
20 |
I think what you are saying is that using PIC requires some special |
21 |
handling (but that work seems largely done now?). However, does |
22 |
removing PIC leave the AMD64 architecture "less secure" in some way? Or |
23 |
is some other procedure now replacing PIC? |
24 |
|
25 |
My minimal understanding is that PIC is a key part of the address space |
26 |
randomisation that is considered useful for system hardening. Where does |
27 |
removing PIC leave us in that process? |
28 |
|
29 |
So, sorry to be the dimwit, but can you give me a beginners guide to the |
30 |
implications of this change? |
31 |
|
32 |
Ta |
33 |
|
34 |
Ed W |