So everything in Rawhide must be compiled with -fPIC?

Fri Feb 20 17:21:59 UTC 2015

>> I've never argumented against the goal that web browser or all network aware
>> services should be PIEs, after all, why would we (Ulrich Drepper and myself)
>> add the PIE support into the toolchain otherwise?
>> I'm just not convinced most of the unpriviledged programs should be PIEs.
>
> Thanks to e.g. e-mail about any program can be made to run untrusted
> data, e.g. PDF readers, office suites, image viewers, if you open an
> attachment of the respective type. Therefore it makes a sane default
> IMHO. It is also something to attract users that care about security
> very much to Fedora.

So your saying here that this is miraculously going to stop people
from running random binaries that are being emailed to them? Or is
just going stop people from running random non PIC/PIE binaries? I
don't buy that this is a miracle fix to that problem. How then does it
affect other third party binaries not compiled with PIC/PIE that
people might wish to run?

More over in the Change request [1] I don't see any evidence with
examples, links to research papers etc on how this makes things more
secure.... all I see is basically "because SECURITY man!!!" . The
feature says "our users less likely become victims of attacks" but
which sort of attacks, how does it improve security. I understand why
we'd want it on remotely accessible daemons and long running back
ground processes, even things like mail clients that connect to the
internet. There is absolutely no technical detail in the change, other
than the technical change to implement it, there's no mention that it
will have an impact on performance, with numbers to back it up, across
the three primary architectures.

Given that the person who actually wrote the code to implement the
actual functionality has grave concerns about it's usefulness and
impact to end users and packagers. I'm also concerned that he will be
the person that will need to fix problems are likely going to be seen
by packagers and not you as the person proposing the change? Do you
have the time and ability to deal with these problems? Having dealt
with these issues across a number of architectures and having had to
ask Jakob nicely for his time and assistance when there's been issues
from his response I'm not sure you've got his buy in to deal with
this.

Also I've seen no performance analysis across all three architectures
to see the impact. I'll happily send you an XO-1 to test on (our
lowest supported device on i686 and also one of our most widely
deployed Fedora device) and ARM hardware if you've not got access to
test.

Fedora users tend to keep hardware around for longer time than a lot
of enterprises, it's also a distro used a lot in the developing world
on low end cheap hardware because the rest of the world isn't
necessarily so privileged as to be able afford the latest and greatest
and I think we need to consider that along side "possible" security
improvements!

Peter

[1] https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code