From: | Paweł Hajdan
---|---
To: | gentoo-dev@l.g.o
Subject: | Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor?
Date: | Fri, 27 Jan 2012 19:40:43
Message-Id: | 4F22FD6C.2020807@gentoo.org
In Reply to: | Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? by "Jason A. Donenfeld"

On 1/27/12 8:02 PM, Jason A. Donenfeld wrote:
> I've just been informed that RHEL does not allow non-PIE executables. We
> really should follow suit here.

I'm generally in favor of enabling more hardening features by default
(i.e. reversing the default, so that people who want to disable PIE can
still do it). Note that the hardened profile uses PIE by default iirc.

The most common argument against it is performance loss I think, and
there are probably less than 10 packages that have some compilation
issues with PIE. In my opinion we can deal with that, and security
benefits are much more important.

If the discussion on this doesn't get conclusive, how about adding the
question to the Council's agenda?

File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | Fabian Groffen <grobian@g.o> |
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | Mike Frysinger <vapier@g.o> |
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | "Jason A. Donenfeld" <Jason@×××××.com> |
Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? | "Anthony G. Basile" <blueness@g.o> |