F22 System Wide Change: Harden all packages with position-independent code
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Fri Jan 9 21:31:54 UTC 2015
On Fri, Jan 09, 2015 at 06:45:47PM +0100, Dhiru Kholia wrote:
> On Fri, 9 Jan 2015, Zbigniew Jędrzejewski-Szmek wrote:
>
> > ...
> > Microbenchmarks get us only so far, we need to know the impact the
> > change makes for the whole system. We won't know that until enough
> > packages have been rebuilt.
>
> https://www.alpinelinux.org/about/
>
> "The kernel is patched with grsecurity/PaX out of the box, and all
> userland binaries are compiled as Position Independent Executables (PIE)
> with stack smashing protection."
>
> The whole system performance can't be that bad. Other distributions
> (Alpine Linux being one of them) are already fully PIE enabled.
I think we're in agreement.
Zbyszek
More information about the devel
mailing list