Archives
Archives
| From: | "Jason A. Donenfeld" <Jason@×××××.com> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | ||
| Date: | Thu, 26 Jan 2012 16:57:11 | ||
| Message-Id: | CAHmME9pyQ7nf+5m==0zvp1R4H7F5UcT-98A5B7C3Cr18Hv789A@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? by Mike Frysinger |
||
| 1 | On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vapier@g.o> wrote: |
| 2 | > |
| 3 | > pedantically, PIE+ASLR makes it significantly harder to exploit, not |
| 4 | > impossible |
| 5 | > |
| 6 | > if we could get some general performance numbers that show non-PIE vs PIE, |
| 7 | > that'd help make the case for turning PIE on by default regardless of |
| 8 | > set*id. |
| 9 | > |
| 10 | |
| 11 | For starters, though, what about just pooping a Q&A warning for non-PIE |
| 12 | SUID? That way those packages could be fixed, and we'd have a little trial |
| 13 | to see how PIE behaves across different platforms. If that all goes well, |
| 14 | we bump up to default, but that's a far off discussion. |
| 15 | |
| 16 | |
| 17 | |
| 18 | > -mike |
| 19 | > |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | "Jason A. Donenfeld" <Jason@×××××.com> |
| Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | Mike Frysinger <vapier@g.o> |