From: | "Jason A. Donenfeld" <Jason@×××××.com>
---|---
To: | gentoo-dev@l.g.o
Subject: | Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor?
Date: | Thu, 26 Jan 2012 16:57:11
Message-Id: | CAHmME9pyQ7nf+5m==0zvp1R4H7F5UcT-98A5B7C3Cr18Hv789A@mail.gmail.com
In Reply to: | Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? by Mike Frysinger

On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vapier@g.o> wrote:
>
> pedantically, PIE+ASLR makes it significantly harder to exploit, not
> impossible
>
> if we could get some general performance numbers that show non-PIE vs PIE,
> that'd help make the case for turning PIE on by default regardless of
> set*id.
>

For starters, though, what about just pooping a Q&A warning for non-PIE
SUID? That way those packages could be fixed, and we'd have a little trial
to see how PIE behaves across different platforms. If that all goes well,
we bump up to default, but that's a far off discussion.

> -mike
>

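
The warning proposed in this message, sketched as an added example (not part of the original thread and not Portage's own code): it walks a staged install tree and reports set*id ELF files whose `e_type` is `ET_EXEC`, meaning they load at a fixed address. The function names, the tree argument and the warning text are assumptions.

```python
import os
import stat
import struct
import sys

ET_EXEC = 2  # fixed-address executable: not PIE
ET_DYN = 3   # position-independent (PIE executables and shared objects)


def elf_type(header):
    """Return e_type from the first 18 bytes of a file, or None if not ELF."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        return None
    # e_ident[EI_DATA] (byte 5) gives byte order: 1 = little, 2 = big endian
    endian = {1: "<", 2: ">"}.get(header[5])
    if endian is None:
        return None
    return struct.unpack_from(endian + "H", header, 16)[0]


def is_non_pie_set_id(mode, header):
    """True for a regular set*id file whose ELF type is ET_EXEC."""
    set_id = mode & (stat.S_ISUID | stat.S_ISGID)
    return bool(stat.S_ISREG(mode) and set_id and elf_type(header) == ET_EXEC)


def scan(root):
    """Walk root (hypothetical staged install tree) and list offenders."""
    offenders = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
                if not stat.S_ISREG(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    header = fh.read(18)
            except OSError:
                continue  # unreadable (e.g. mode 4711 as non-root): skipped
            if is_non_pie_set_id(st.st_mode, header):
                offenders.append(path)
    return sorted(offenders)


if __name__ == "__main__":
    for path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"QA Notice: set*id binary is not PIE: {path}")
```

Because `ET_DYN` covers both PIE executables and shared objects, the check only flags files that are definitely non-PIE and never reports a PIE binary by mistake.
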
Subject | Author |
---|---|
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | "Jason A. Donenfeld" <Jason@×××××.com> |
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | Mike Frysinger <vapier@g.o> |