Gentoo Archives: gentoo-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor?
Date: Fri, 27 Jan 2012 19:43:10
Message-Id: 201201271443.15169.vapier@gentoo.org
In Reply to: Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? by "Jason A. Donenfeld"
On Thursday 26 January 2012 11:55:54 Jason A. Donenfeld wrote:
> On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vapier@g.o> wrote:
> > pedantically, PIE+ASLR makes it significantly harder to exploit, not
> > impossible
> >
> > if we could get some general performance numbers that show non-PIE vs
> > PIE, that'd help make the case for turning PIE on by default regardless
> > of set*id.
>
> For starters, though, what about just pooping a Q&A warning for non-PIE
> SUID? That way those packages could be fixed, and we'd have a little trial
> to see how PIE behaves across different platforms. If that all goes well,
> we bump up to default, but that's a far off discussion.

a QA warning doesn't help anyone if we don't have documentation in place
explaining to people how to do this cleanly
-mike
