Re: Offset2lib: bypassing full ASLR on 64bit Linux

[Hanno Böck <hanno () hboeck de>]

Okay, I'm surprised to see that while everyone seems to claim
performance reasons are why we don't use fpic/pie by default I can't
find anyone actually benchmarking it.

*disclaimer: benchmarking is tricky business, I don't know if I messed
something up. If you feel this is a completely wrong way to benchmark
this I'm open to suggestions. *

I decided a reasonable target would be a static compile of ffmpeg,
because it does some complicated stuff.
I compiled two copies mostly identical with the difference that for one
I passed CFLAGS="-O2" LDFLAGS="" while for the other I passed
CFLAGS="-O2 -fpic" LDFLAGS="-pie".

I then converted a h264 video to mpeg4.

This is what I got:
no pie/pic: 14.664, 14.606, 14.685, 14.719, 14.69, average: 14.6728
pie/pic: 14.776, 14.951, 14.947, 14.798, 14.898, average: 14.874

So it seems the difference is at least measurable (around 1,4%) but not
big.

I haven't benchmarked with the patches Florian referred to, they
involve patching gold and gcc (the above is done with classic ld).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature