| 1 |
On Thursday 20 October 2011 23:20:35 Duncan wrote: |
| 2 |
> Magnus G suggests possibly adding PIE to amd64, which is already PIC, |
| 3 |
|
| 4 |
this isn't quite right. amd64 shared objects (i.e. libraries) are PIC. the |
| 5 |
applications are not. |
| 6 |
|
| 7 |
> Still, speaking as an ~amd64 user myself, that's certainly an acceptable |
| 8 |
> tradeoff from the user-side, particularly as most users will only have |
| 9 |
> perhaps a handful of those 30 packages installed. If the gentoo/amd64 |
| 10 |
> folks and the maintainers of those 30 packages don't mind too much, I |
| 11 |
> believe it does make sense. |
| 12 |
|
| 13 |
usually these packages are multimedia related. like ffmpeg iirc. so i think |
| 14 |
the impact is much greater than your estimate here. |
| 15 |
|
| 16 |
> Then, as legacy x86 gradually dies off and those who haven't already done |
| 17 |
> so gradually switch to amd64 (or possibly arm, but I don't know enough |
| 18 |
> about that to comment in this context), they'd get the security upgrade |
| 19 |
> as a part of the package. =:^) |
| 20 |
|
| 21 |
poor PIC performance isn't specific to x86. it's just the largest affected user |
| 22 |
base. i'd have to dig into the ABI's to say which others have issues. |
| 23 |
|
| 24 |
> What about x32, tho? Does it get PIC by default too, or not, and if not, |
| 25 |
|
| 26 |
x32 is same as x86_64 wrt PIC |
| 27 |
|
| 28 |
> And for bindnow, do you mean the "-Wl,-z,now" that's part of my LDFLAGS? |
| 29 |
|
| 30 |
yes |
| 31 |
|
| 32 |
> there's some initial-load-time and arguably some memory cost, but less |
| 33 |
> post-load run-time latency and issues when those libs would be otherwise |
| 34 |
> be lazy-loaded, and I decided that tradeoff was one I could live with! |
| 35 |
|
| 36 |
i don't think there's a memory cost. the initial load time is waste and is |
| 37 |
noticeable on much larger packages like OOo. |
| 38 |
-mike |
Archives