F22 System Wide Change: Harden all packages with position-independent code

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Fri Jan 9 21:31:54 UTC 2015


On Fri, Jan 09, 2015 at 06:45:47PM +0100, Dhiru Kholia wrote:
> On Fri, 9 Jan 2015, Zbigniew Jędrzejewski-Szmek wrote:
> 
> > ...
> > Microbenchmarks get us only so far, we need to know the impact the
> > change makes for the whole system. We won't know that until enough
> > packages have been rebuilt.
> 
> https://www.alpinelinux.org/about/
> 
> "The kernel is patched with grsecurity/PaX out of the box, and all
> userland binaries are compiled as Position Independent Executables (PIE)
> with stack smashing protection."
> 
> The whole system performance can't be that bad. Other distributions
> (Alpine Linux being one of them) are already fully PIE enabled.
I think we're in agreement.

Zbyszek


More information about the devel mailing list