On Wed, 3 Apr 2013, Miloslav Trmač wrote:

> On Wed, Apr 3, 2013 at 12:18 AM, Adam Williamson
>> On 31/03/13 08:11 AM, Richard W.M. Jones wrote:
>>> However prelink does reduce the effectiveness of ASLR (a bit). See
>>> and follow-up conversation.
>>
>> Ignoring the silly stuff, it does seem that this is Yet Another Reason Prelink Is Bad
>
> Is it? The linked comment says the opposite: prelink might interfere with ASLR, but for
> most programs it doesn't make a difference.
> Even the latter discussion about local attackers doesn't really apply when any PIE
> executable automatically means prelink is ignored
> both for the executable and for any used shared libraries, as Jakub said.

To me, prelink is still evil for breaking FIPS. I've requested a few times
that prelink plays nicer with FIPS mode, like running prelink -ua during
bootup when FIPS mode is on. And running prelink -ua when the prelink
package is uninstalled. Neither trivial solution is implemented in
The only argument in favour of prelink is speed. People selecting FIPS
have clearly made the decision to favour extra security over speed.
I'm strongly in favour of getting rid of it completely, and letting
Moore's Law do its job.