So everything in Rawhide must be compiled with -fPIC?

Reindl Harald h.reindl at thelounge.net
Thu Feb 19 19:18:24 UTC 2015


On 19.02.2015 at 20:15, Jakub Jelinek wrote:
> On Thu, Feb 19, 2015 at 07:58:10PM +0100, Reindl Harald wrote:
>> On 19.02.2015 at 19:48, Till Maas wrote:
>>> On Thu, Feb 19, 2015 at 07:07:45PM +0100, Jakub Jelinek wrote:
>>>
>>>> Even on x86_64 it was quite a measurable slowdown last time I've benchmarked
>>>> it, now in F22+ we might have smaller slowdown with the x86_64 copyreloc for
>>>
>>> Which packages are there that do not process untrusted data and are
>>> slowed down much?
>>
>> none these days don't process untrusted data and "slowed down much" needs to
>> be defined very well and not only by a synthetic benchmark throwing numbers
>> around - if it is not noticeable by a user it doesn't exist and security was,
>> is and always will be a compromise between user experience
>>
>> in other words: leave me in peace with generic benchmarks and things faster
>> in theory not look at the time for recovery when machines were compromised
>>
>> i ran all network aware services with my own build-overrides with
>> -fstack-protector-all long before fedora considered -fstack-protector-strong
>> with *zero* difference for daily workloads as example
>
> I've never argued against the goal that web browser or all network aware
> services should be PIEs, after all, why would we (Ulrich Drepper and myself)
> add the PIE support into the toolchain otherwise?
> I'm just not convinced most of the unprivileged programs should be PIEs.

because malware doesn't need root privileges to do a lot of harm

on enduser machines most data is fed to "unprivileged programs" and
i have not seen many packages the last few years without a CVE - better
be safe than sorry!
