Re: Compile with PIE

[Joerg Mayer <jmayer () loplof de>]

On Tue, Jan 05, 2010 at 07:38:31PM +0100, Balint Reczey wrote:
> > > Can we build Wireshark and friends as Position-independent executables (PIE)?
> > > The attached patch seems to do this.  Any objections against this patch?

Go ahead, but please see comments below.

> > I've no experience with Position-independent executables; A quick search 
> > does suggest that there's a performance hit (every time the program is 
> > loaded into memory ??).
[...]
> Recent Debian and Ubuntu packages are already built with PIE and other 
> security related hardening options:
> http://wiki.debian.org/Hardening
> http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html
>
> I haven't tested the speed impacts, but the packaged binaries don't seem 
> to be noticeably slower than the svn builds.

If you are running wireshark with dynamic libraries, then all the libs are
already compiled with -fPIE anyway - and they do all the work. I wouldn't
expect there to be any measurable performance difference whatsoever.

But while you are at it, please follow that Debian harding link and have a
look at the additional  hardening methods too (that's what you get for having
a good idea *and* mentioning it ;->

 ciao
      Joerg
-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe