F22 System Wide Change: Harden all packages with position-independent code
Reindl Harald
h.reindl at thelounge.net
Fri Jan 9 17:01:14 UTC 2015
Am 09.01.2015 um 16:56 schrieb John Reiser:
> On 01/09/2015 04:05 AM, Reindl Harald wrote:
>
>> *but* since *mobile phones* and other operating systems in the
>> meantime are full PIE and it improves security how can someone justify
>> the reason performance on a desktop/server distribution with much more
>> powerful hardware?
>
> Often the usage statistics are vastly different. A mobile phone might
> instantiate
> a module (main program or shared library) a few thousand times per day,
> while a
> desktop/server often instantiates a module many thousand times per minute.
> Thus the initial costs of processing the relocation table often do not
> matter
> on the phone, but can be significant on the desktop/server
you missed a important post of another person
_________________________________________________________________________
iOS 4.3 or later, and OS X 10.7 or later, fully support PIE executables;
moreover, applications submitted for distribution via Apple's App Store
are required to be fully position-independent
In OpenBSD, the amd64 and other platforms have been switched to PIE
(position-independent executables) by default
_________________________________________________________________________
I don't want to go the road where press articles say a specific bug in
software XYZ available for Linux, BSD and OSX would have only on Fedora
not been mitigated because we still discuss over performance impacts
while others already went ahead
https://fedoraproject.org/wiki/Foundations
First represents our commitment to innovation
I would welcome Fedora be first in things like this topic instead as
often in the past replace already working things with unfinished alpha
quality and need 3 follow-up releases to get back from where it came and
praise "new things" which are in fact regression-fixes and features
which where there before the replacements
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150109/f872294f/attachment.sig>
More information about the devel
mailing list