oss-sec mailing list archives
Re: Vendor adoption of PIE INFO#934476 oss-security
From: Stuart Henderson <stu () spacehopper org>
Date: Sun, 16 Feb 2014 21:23:14 +0000
On 2014/02/16 11:01, Christos Zoulas wrote:
On Feb 16, 2:28pm, stu () spacehopper org (Stuart Henderson) wrote: -- Subject: Re: [oss-security] Vendor adoption of PIE INFO#934476 oss-securit | By the way, OpenBSD has switched compilers to generating PIE code by | default on the majority of architectures, various arch's over the last | couple of releases, but as of a couple of months ago we've also done | this for i386 (x86) too, so I can give some specific examples of | where you can expect to run into problems. | | On amd64 (x86_64) fallout has been mostly limited to compilers and a | couple of other programs, e.g. emacs, qemu, clisp, erlang, ghc, sbcl, | which we are building with PIE disabled. | | Additionally for i386 there have been problems with register pressure | on programs with their own asm code (mostly games), in particular | code doing cpuid checks often doesn't save/restore %ebx, but there | have been some others. In one case there was code for x86 OSX which | avoids scribbling on %ebx which we've been able to borrow, and I think | there were one or two where we've switched from asm to a generic C | implementation. Of course, shared libraries already have to take | this into account so not too much trouble there. | | Everything else, base system and ports, is built with PIE. | On the whole, experiences have been pretty good. Obviously there is | some performance impact but we haven't yet had any reports of this | causing major problems (though we will probably know more about this | after 5.5 is released when the average user will first see i386 | packages built with PIE by default). Are you doing any RELRO work? christos
AIUI this was added in binutils 2.16, so I don't believe we have support for it in our toolchain yet (we're currently using 2.15 on most architectures, the last attempt at updating had to be backed out due to a number of problems experienced in ports).
Current thread:
- Vendor adoption of PIE INFO#934476 oss-security CERT(R) Coordination Center (Feb 11)
- Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Feb 15)
- Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson (Feb 16)
- Re: Vendor adoption of PIE INFO#934476 oss-security Christos Zoulas (Feb 16)
- Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson (Feb 16)
- Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Feb 16)
- Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Feb 16)
- Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson (Feb 16)
- Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Feb 15)
- Re: Vendor adoption of PIE INFO#934476 oss-security CERT(R) Coordination Center (Feb 16)