Expanding the list of "Hardened Packages"
Dhiru Kholia
dhiru.kholia at gmail.com
Fri Apr 5 14:01:55 UTC 2013
On 04/04/13 at 09:26am, Steve Grubb wrote:
> On Wednesday, April 03, 2013 09:05:18 PM Josh Bressers wrote:
> > On Wed, Apr 3, 2013 at 2:05 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> > How much does it (PIE) slow things down? I'm fairly certain you don't have any
> > good data on this point. Dhiru is working out how to best figure out FWIW.
> >
> > I'm willing to agree that PIE on x86 is going to be very slow due to
> > register pressure. However, we should consider revisiting what we want
> > built as PIE. Is Firefox a long running process?
>
> Firefox fits into the category of a parser of untrusted media. Therefore it
> should hardened.
FWIW, Ubuntu has been shipping PIE enabled Firefox for years now.
https://bugs.launchpad.net/ubuntu/+source/xulrunner-1.9.1/+bug/507744
I repeated the benchmarks (mentioned in the above bug report) for
Firefox 20.0 running on Fedora 18 64-bit.
http://dromaeo.com/?id=193034,193041,193043,193080,193080,193081,193082
First four columns are stock Firefox and last two columns are PIE
enabled Firefox.
There are no performance regressions it seems (at least not in the Dromaeo
JavaScript performance testing tool).
Upstream Bug (to add support for building Firefox as PIE),
https://bugzilla.mozilla.org/show_bug.cgi?id=857628
--
Dhiru
More information about the devel
mailing list