So everything in Rawhide must be compiled with -fPIC?
Dave Johansen
davejohansen at gmail.com
Thu Feb 19 19:38:03 UTC 2015
On Thu, Feb 19, 2015 at 12:34 PM, Till Maas <opensource at till.name> wrote:
> On Thu, Feb 19, 2015 at 08:15:19PM +0100, Jakub Jelinek wrote:
>
> > I've never argumented against the goal that web browser or all network
> aware
> > services should be PIEs, after all, why would we (Ulrich Drepper and
> myself)
> > add the PIE support into the toolchain otherwise?
> > I'm just not convinced most of the unpriviledged programs should be PIEs.
>
> Thanks to e.g. e-mail about any program can be made to run untrusted
> data, e.g. PDF readers, office suites, image viewers, if you open an
> attachment of the respective type. Therefore it makes a sane default
> IMHO. It is also something to attract users that care about security
> very much to Fedora.
>
https://software.intel.com/en-us/blogs/2014/12/26/new-optimizations-for-x86-in-upcoming-gcc-50-32bit-pic-mode
https://gcc.gnu.org/ml/gcc/2004-06/msg01956.html
>From those articles, it sounds like it's a worst case 5-10% hit. I agree
that's kind of annoying and a lot of my stuff doesn't even run connected to
the internet, but if that 5-10% worst case hit that will usually be
imperceptible can prevent my machine from being bitten by some malware that
got on the network because someone plugged in a USB drive they shouldn't
have, then I'm all for it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150219/44e8e5eb/attachment.html>
More information about the devel
mailing list