Re: Compile with PIE

[Balint Reczey <balint.reczey () ericsson com>]

Bill Meier wrote:
> Stig Bjørlykke wrote:
> > Hi,
> >
> > Can we build Wireshark and friends as Position-independent executables (PIE)?
> > The attached patch seems to do this.  Any objections against this patch?
>
> I've no experience with Position-independent executables; A quick search 
> does suggest that there's a performance hit (every time the program is 
> loaded into memory ??).
>
>
> For example:
>
> From: http://www.redhat.com/magazine/009jul05/features/execshield/
>
>    "Position independent code has a performance overhead on most
>     architectures (x86-64 is the exception to this). For this reason,
>     neither Red Hat® Enterprise Linux® nor Fedora™ Core have the entire
>     distribution compiled as a PIE binary. Only selected, security
>     sensitive programs are compiled as PIEs. "
>
> Thoughts ??

Recent Debian and Ubuntu packages are already built with PIE and other 
security related hardening options:
http://wiki.debian.org/Hardening
http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html

I haven't tested the speed impacts, but the packaged binaries don't seem 
to be noticeably slower than the svn builds.

Cheers,
Balint

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe