F22 System Wide Change: Harden all packages with position-independent code

John Reiser jreiser at bitwagon.com
Fri Jan 9 15:56:45 UTC 2015


On 01/09/2015 04:05 AM, Reindl Harald wrote:

> *but* since *mobile phones* and other operating systems in the meantime are full PIE and it improves security how can someone justify the reason performance on a desktop/server distribution with much more powerful hardware?

Often the usage statistics are vastly different.  A mobile phone might instantiate
a module (main program or shared library) a few thousand times per day, while a
desktop/server often instantiates a module many thousand times per minute.
Thus the initial costs of processing the relocation table often do not matter
on the phone, but can be significant on the desktop/server.

Modifying the relocation table of a PIE/PIC module costs a page of RAM.
This can matter in a small VM that has only 256MB or 512MB of RAM.
On a phone the net cost can be zero because if the pre-image is kept
compressed then often every page in the process image is new anyway.
A desktop/server usually stores most modules uncompressed and shareable.
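The per-instantiation cost described above is measurable on any ELF module: the loader has to walk the dynamic relocation table and write each target, and every page it writes becomes a private copy-on-write page instead of a shared file-backed one. The script below is an added example, not code from this thread or from Fedora; it parses an ELF64 little-endian file directly (no binutils needed), reports whether the module is ET_EXEC or ET_DYN (the latter covers both PIE executables and shared libraries), counts the entries in every SHT_REL/SHT_RELA section, and estimates how many distinct 4 KiB pages those relocations dirty. `build_sample_elf` is a constructed helper that fabricates a minimal ELF image so the example runs offline; the names `relocation_report` and `build_sample_elf` are this example's own.

```python
import struct
from typing import Dict, List

# ELF constants (ELF64 little-endian only: enough for x86-64 / aarch64 Linux modules).
ET_EXEC, ET_DYN = 2, 3
SHT_STRTAB, SHT_RELA, SHT_REL = 3, 4, 9
PAGE_SIZE = 4096

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
RELA = struct.Struct("<QQq")                # Elf64_Rela, 24 bytes
REL = struct.Struct("<QQ")                  # Elf64_Rel, 16 bytes


def relocation_report(data: bytes) -> Dict[str, object]:
    """Return the ELF type, the number of relocation entries and the number of
    distinct pages the loader writes to when it applies them."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian files are handled here")
    (_ident, e_type, _mach, _ver, _entry, _phoff, e_shoff, _flags, _ehsize,
     _phentsize, _phnum, e_shentsize, e_shnum, e_shstrndx) = EHDR.unpack_from(data, 0)

    shdrs = [SHDR.unpack_from(data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    strtab_off = shdrs[e_shstrndx][4] if e_shnum else 0  # sh_offset of .shstrtab

    def sec_name(name_idx: int) -> str:
        end = data.index(b"\0", strtab_off + name_idx)
        return data[strtab_off + name_idx:end].decode("ascii", "replace")

    per_section: Dict[str, int] = {}
    touched_pages = set()
    for sh_name, sh_type, _fl, _addr, sh_off, sh_size, _link, _info, _align, sh_entsize in shdrs:
        if sh_type not in (SHT_RELA, SHT_REL):
            continue
        fmt = RELA if sh_type == SHT_RELA else REL
        entsize = sh_entsize or fmt.size
        count = sh_size // entsize
        per_section[sec_name(sh_name)] = count
        for i in range(count):
            r_offset = fmt.unpack_from(data, sh_off + i * entsize)[0]
            # r_offset is a virtual address; segments are page-aligned, so
            # vaddr // PAGE_SIZE identifies the page that gets a private copy.
            touched_pages.add(r_offset // PAGE_SIZE)

    return {
        "type": {ET_EXEC: "ET_EXEC", ET_DYN: "ET_DYN"}.get(e_type, f"type {e_type}"),
        "relocs": sum(per_section.values()),
        "pages_touched": len(touched_pages),
        "sections": per_section,
    }


def build_sample_elf(e_type: int, rela_targets: List[int]) -> bytes:
    """Constructed minimal ELF64 image (no program headers) with a single
    .rela.dyn section whose entries point at the given virtual addresses."""
    shstrtab = b"\0.rela.dyn\0.shstrtab\0"   # name offsets: 1 and 11
    shstr_off = EHDR.size
    rela_off = (shstr_off + len(shstrtab) + 7) & ~7
    rela = b"".join(RELA.pack(addr, 0, 0) for addr in rela_targets)
    shoff = rela_off + len(rela)
    shdrs = [
        SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                                # SHN_UNDEF
        SHDR.pack(1, SHT_RELA, 2, 0, rela_off, len(rela), 0, 0, 8, RELA.size),  # .rela.dyn
        SHDR.pack(11, SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0),  # .shstrtab
    ]
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, e_type, 62, 1, 0, 0, shoff, 0,
                     EHDR.size, 56, 0, SHDR.size, len(shdrs), 2)
    body = bytearray(ehdr + shstrtab)
    body += b"\0" * (rela_off - len(body))
    body += rela
    return bytes(body) + b"".join(shdrs)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(relocation_report(f.read()))
```

Run it as `python3 relocs.py /path/to/module` to compare a PIE build against a non-PIE one. On a linked module the relocation sections it finds are normally `.rela.dyn` and `.rela.plt`; the `pages_touched` figure is the number of pages the dynamic loader must privately copy before the program starts, which is the RAM cost the post describes, and it applies even under full RELRO, where those pages are remapped read-only after relocation but remain unshared.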
