On 2012-02-06 11:59:53 AM, Bill Nottingham wrote:
> Stephen John Smoogen (smooge@xxxxxxxxx) said:
> >
> > Discussion from irc today pointed out the..... difficulty with our
> > security with prelink running on our systems.
>
> Is this a general issue that should be pushed up the stack?

I think the "difficulty with our security" bit was referring to some weirdness which caused issues with the needs-restarting utility. However, I do have other reasons for questioning the need for prelink in Fedora in general.

My main issue is that with prelink enabled, non-PIE binaries essentially have library address randomization disabled (they are still randomized every 2 weeks when prelink runs, but the addresses stay the same in between). This makes many types of security bugs far easier to exploit on Fedora than on distros without prelink.

One argument against this point is that we should just enable PIE on apps which are security-sensitive, or which are likely to be exploited. While I definitely don't disagree with this point, I think we're very far from having that happen, and in addition, doing so would cause us to lose many of the speedups that prelink is supposed to give (programs which need to handle a lot of potentially untrusted inputs, like openoffice, should then have PIE enabled).

With all this in mind, I'd definitely be interested in seeing a discussion about whether prelink should stay enabled by default on Fedora.

Thanks,
Ricky
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
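The behaviour described in the message above can be audited by comparing shared-library base addresses across several runs of the same program. The following is an added example, not part of the original message or of any Fedora tooling; the `/proc/<pid>/maps` samples, the `/bin/example` path and the function names are constructed for illustration.

```python
import re
import subprocess
from collections import defaultdict

# /proc/<pid>/maps line: start-end perms offset dev inode path
MAPS_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ \S+ \S+ \S+ \d+\s+(\S.*)$")

def _dump(ld, libc, stack):
    """Build a constructed maps dump for a non-PIE binary (fixed at 0x400000)."""
    return (f"00400000-0040b000 r-xp 00000000 fd:01 1311   /bin/example\n"
            f"{ld:x}-{ld + 0x20000:x} r-xp 00000000 fd:01 2201   /lib64/ld-linux-x86-64.so.2\n"
            f"{libc:x}-{libc + 0x1ac000:x} r-xp 00000000 fd:01 2207   /lib64/libc.so.6\n"
            f"{libc + 0x1ac000:x}-{libc + 0x1b0000:x} r--p 001ac000 fd:01 2207   /lib64/libc.so.6\n"
            f"{stack:x}-{stack + 0x21000:x} rw-p 00000000 00:00 0   [stack]\n")

# Constructed samples: two runs with libraries at unchanging (prelinked) addresses,
# and two runs where the loader picked a fresh library base each time.
PRELINKED_RUNS = [_dump(0x3b1a600000, 0x3b1aa00000, s)
                  for s in (0x7fff2c1de000, 0x7ffd913a4000)]
RANDOMIZED_RUNS = [_dump(0x7f3a5c600000, 0x7f3a5c200000, 0x7fff2c1de000),
                   _dump(0x7f91d8800000, 0x7f91d8400000, 0x7ffd913a4000)]

def library_bases(maps_text):
    """Return {path: lowest mapped address} for shared objects in one dump."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m and ".so" in m.group(2):
            addr, path = int(m.group(1), 16), m.group(2)
            bases[path] = min(addr, bases.get(path, addr))
    return bases

def fixed_libraries(dumps):
    """Libraries mapped in every dump at one unchanging base address."""
    seen = defaultdict(list)
    for dump in dumps:
        for path, base in library_bases(dump).items():
            seen[path].append(base)
    return sorted(p for p, b in seen.items()
                  if len(dumps) > 1 and len(b) == len(dumps) and len(set(b)) == 1)

if __name__ == "__main__":
    # Live check (Linux only): sample the maps of several fresh `cat` processes.
    live = [subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                           text=True, check=True).stdout for _ in range(5)]
    for name, dumps in (("prelinked sample", PRELINKED_RUNS),
                        ("randomized sample", RANDOMIZED_RUNS), ("live cat", live)):
        print(name, "-> fixed:", fixed_libraries(dumps) or "none")
```

Any library reported as fixed on a live system keeps the same base address from one process start to the next, which is the condition the message describes for non-PIE binaries under prelink.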