1 |
2011.Február 27.(V) 17:33 időpontban Ed W ezt írta: |
2 |
> On 27/02/2011 08:20, klondike wrote: |
3 |
>> 2011/2/27 Ed W<lists@××××××××××.com>: |
4 |
>>> On 26/02/2011 18:01, Magnus Granberg wrote: |
5 |
>>>> If you have read the last meeting we will be removing the pic use flag |
6 |
>>>> as |
7 |
>>>> default on in the hardened amd64 profile. We will start with the |
8 |
>>>> changes |
9 |
>>>> when |
10 |
>>>> the new structure to the profiles have settled down. |
11 |
>>> Hi, any chance of a bit of background on this change? ie the "why" and |
12 |
>>> some |
13 |
>>> of the implications? |
14 |
>> Summing it up a lot, amd64 usually needs not special asm code for PIC |
15 |
>> due to the way the ABI is defined (which means being PIC by default |
16 |
>> usually). |
17 |
>> |
18 |
>> That's not always the case, i.e. aircrack needed special PIC code, but |
19 |
>> in general it shouldn't be a problem. |
20 |
>> |
21 |
> |
22 |
> Sorry to probe further, but I'm not getting the big picture (durr) |
23 |
> |
24 |
> I think what you are saying is that using PIC requires some special |
25 |
> handling (but that work seems largely done now?). However, does |
26 |
> removing PIC leave the AMD64 architecture "less secure" in some way? Or |
27 |
|
28 |
Using the ABI produces PIC-aware code in most cases without any special |
29 |
treatment. |
30 |
|
31 |
> is some other procedure now replacing PIC? |
32 |
> |
33 |
> My minimal understanding is that PIC is a key part of the address space |
34 |
> randomisation that is considered useful for system hardening. Where does |
35 |
> removing PIC leave us in that process? |
36 |
|
37 |
Removing PIC won't result in non-PIC code on amd64 in most cases. |
38 |
|
39 |
Dw. |