F22 System Wide Change: Harden all packages with position-independent code

Till Maas opensource at till.name
Wed Jan 7 22:04:04 UTC 2015


On Wed, Jan 07, 2015 at 08:30:03AM -0500, Josh Boyer wrote:

> We just went over something very much like this for x86_64 packages
> with FESCo ticket 1113:
> 
> https://fedorahosted.org/fesco/ticket/1113
> 
> Could you perhaps review that and elaborate on the differences between
> that proposal and this one if there are any?  Additionally, could you
> cover any of the concerns listed there that apply to this proposal?

I proposed to make it the default for all archs and not only x86_64.
From what I understand, the only reason it was not accepted is because
it was felt that the performance penalty is not worth the security gains
from this. I do not have objective numbers about how many exploits
that happened could be prevented with PIE and how much effort it took to
clean up after exploits compared to how much the performance penalty for
PIE costs. However, the experts that I talked to about this think the
protection is worth it. I was also told that there were exploits where
PIE helped to mitigate them. Nevertheless, thank you for the ticket
link, it contains a lot of interesting information. However, it is said
that even though the packaging guidelines were mentioned there, they
were kept in an unclear/contradictory state. But this is also a new
data point: even though it was highlighted more than 20 months ago to
FESCo, there are still a lot of packages violating the Guideline, which
shows that the current process does not really work. And if PIE is not
really considered worth it, the guidelines should be adjusted to
reflect this. Currently it does not seem to be the case that most/all
packages that should be using PIE do not use it because the maintainer
actively decided against it, but just because it is not the default. The
criterion for this is:

|     Your package accepts/processes untrusted input.

This seems to be about every package that I use, because most if not
all tools process untrusted data from the Internet.

Kind regards
Till
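An added check, not part of this thread or of any Fedora tooling: the Python below classifies an ELF image as a PIE executable, a non-PIE executable or a shared object from its headers alone (ET_EXEC means non-PIE; ET_DYN with a PT_INTERP program header means PIE), which is how a packager or reviewer can find binaries that fall under the guideline but were not built with PIE. The sample images are constructed in the code and are not loadable programs.

```python
"""Classify ELF images as PIE / non-PIE executable / shared object."""
import struct
import sys

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_INTERP = 3            # program header type naming the dynamic loader


def classify_elf(data: bytes) -> str:
    """Return 'pie', 'non-pie-exec', 'shared-object', 'other' or 'not-elf'."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little, 2 = big endian
    e_type = struct.unpack(end + "H", data[16:18])[0]
    if e_type == ET_EXEC:
        return "non-pie-exec"                # fixed load address: not PIE
    if e_type != ET_DYN:
        return "other"                       # ET_REL, ET_CORE, ...
    # ET_DYN covers both PIE executables and shared libraries; only an
    # executable carries a PT_INTERP entry, so walk the program headers.
    if is64:
        e_phoff, = struct.unpack(end + "Q", data[32:40])
        e_phentsize, e_phnum = struct.unpack(end + "HH", data[54:58])
    else:
        e_phoff, = struct.unpack(end + "I", data[28:32])
        e_phentsize, e_phnum = struct.unpack(end + "HH", data[42:46])
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                            # truncated image: stop scanning
        if struct.unpack(end + "I", data[off:off + 4])[0] == PT_INTERP:
            return "pie"
    return "shared-object"


def build_sample(e_type: int, with_interp: bool) -> bytes:
    """Constructed minimal ELF64 little-endian image (headers only)."""
    ptypes = [1, PT_INTERP] if with_interp else [1]      # PT_LOAD first
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0x1000,
                              64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", pt, 5, 0, 0, 0, 0, 0, 0x1000)
                     for pt in ptypes)
    return hdr + phdrs


if __name__ == "__main__":
    for path in sys.argv[1:]:                # e.g. files from a built RPM
        with open(path, "rb") as fh:
            print(f"{path}: {classify_elf(fh.read(4096))}")
```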
