So everything in Rawhide must be compiled with -fPIC?
Jakub Jelinek
jakub at redhat.com
Thu Feb 19 19:15:19 UTC 2015
On Thu, Feb 19, 2015 at 07:58:10PM +0100, Reindl Harald wrote:
>
> Am 19.02.2015 um 19:48 schrieb Till Maas:
> >On Thu, Feb 19, 2015 at 07:07:45PM +0100, Jakub Jelinek wrote:
> >
> >>Even on x86_64 it was quite a measurable slowdown last time I've benchmarked
> >>it, now in F22+ we might have smaller slowdown with the x86_64 copyreloc for
> >
> >Which packages are there that do not process untrusted data and are
> >slowed down much?
>
> none these days don't process untrusted data and "slowed down much" needs to
> be defined very well and not only by a syntectitc benchmark throwing numbers
> around - if it is not noticeable by a user it don't exist and security was,
> is and always will be a compromise between user expierience
>
> in other words: leave me in piece with generic benchmarks and things faster
> in theory not look at the time for recovery when machines where compromised
>
> i ran all network aware services with my own build-overrides with
> -fstack-protector-all long before fedora considered -fstack-protector-srtong
> with *zero* difference for daily workloads as example
I've never argumented against the goal that web browser or all network aware
services should be PIEs, after all, why would we (Ulrich Drepper and myself)
add the PIE support into the toolchain otherwise?
I'm just not convinced most of the unpriviledged programs should be PIEs.
Jakub
More information about the devel
mailing list