So everything in Rawhide must be compiled with -fPIC?
davejohansen at gmail.com
Thu Feb 19 19:38:03 UTC 2015
On Thu, Feb 19, 2015 at 12:34 PM, Till Maas <opensource at till.name> wrote:
> On Thu, Feb 19, 2015 at 08:15:19PM +0100, Jakub Jelinek wrote:
> > I've never argumented against the goal that web browser or all network
> > services should be PIEs, after all, why would we (Ulrich Drepper and
> > add the PIE support into the toolchain otherwise?
> > I'm just not convinced most of the unpriviledged programs should be PIEs.
> Thanks to e.g. e-mail about any program can be made to run untrusted
> data, e.g. PDF readers, office suites, image viewers, if you open an
> attachment of the respective type. Therefore it makes a sane default
> IMHO. It is also something to attract users that care about security
> very much to Fedora.
>From those articles, it sounds like it's a worst case 5-10% hit. I agree
that's kind of annoying and a lot of my stuff doesn't even run connected to
the internet, but if that 5-10% worst case hit that will usually be
imperceptible can prevent my machine from being bitten by some malware that
got on the network because someone plugged in a USB drive they shouldn't
have, then I'm all for it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel