So everything in Rawhide must be compiled with -fPIC?
h.reindl at thelounge.net
Thu Feb 19 19:18:24 UTC 2015
Am 19.02.2015 um 20:15 schrieb Jakub Jelinek:
> On Thu, Feb 19, 2015 at 07:58:10PM +0100, Reindl Harald wrote:
>> Am 19.02.2015 um 19:48 schrieb Till Maas:
>>> On Thu, Feb 19, 2015 at 07:07:45PM +0100, Jakub Jelinek wrote:
>>>> Even on x86_64 it was quite a measurable slowdown last time I've benchmarked
>>>> it, now in F22+ we might have smaller slowdown with the x86_64 copyreloc for
>>> Which packages are there that do not process untrusted data and are
>>> slowed down much?
>> none these days don't process untrusted data and "slowed down much" needs to
>> be defined very well and not only by a syntectitc benchmark throwing numbers
>> around - if it is not noticeable by a user it don't exist and security was,
>> is and always will be a compromise between user expierience
>> in other words: leave me in piece with generic benchmarks and things faster
>> in theory not look at the time for recovery when machines where compromised
>> i ran all network aware services with my own build-overrides with
>> -fstack-protector-all long before fedora considered -fstack-protector-srtong
>> with *zero* difference for daily workloads as example
> I've never argumented against the goal that web browser or all network aware
> services should be PIEs, after all, why would we (Ulrich Drepper and myself)
> add the PIE support into the toolchain otherwise?
> I'm just not convinced most of the unpriviledged programs should be PIEs.
because malware don't need root privileges to do a lot of harm
on enduser machines most data is feeded to "unpriviledged programs" and
i have not seen much packages the last few years without a CVE - better
be safe than sorry!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: OpenPGP digital signature
More information about the devel