On 03.04.2013 01:50, John Reiser wrote:
>> It does rather seem like we should consider just killing it [prelink], at least by default.
>
> Prelinking shortens the time between execve() and first useful output

in theory

> A prelinked module reduces time spent in ld-linux, and increases sharing
> of pages (which reduces time spent in kernel duplicating copy-on-write pages.)
> The savings are *visible* when invoking an interactive GUI program that has
> dozens of shared libraries, or when several hundred smaller executables
> are invoked each second, such as some 'make' clouds, etc.

not noticeable compared with the security flaws

> Some systems want those savings, and are willing to pay with slightly
> less protection via reduced ASLR.

then THESE SYSTEMS should install prelink
but not install it AS DEFAULT

> Some administrators compensate
> by running a full prelink daily, and a partial prelink of "hot" modules
> (glibc, ...) a few times during the day, even as often as hourly;
> and with parameters to reduce interference with modules which are
> not being [re-]prelinked during the current run

fine they should do what they want but as DEFAULT
anything which beats ASLR is UNACCEPTABLE these days
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
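
The ASLR trade-off argued over in this thread can be measured on a host by comparing where shared libraries land across separate runs of the same program. The following is an added example, not part of the original message or of prelink itself: it parses `/proc/<pid>/maps` snapshots and reports libraries whose base address never changes between runs, as a prelinked library typically shows. The two snapshots, their paths and addresses, and the function names are constructed for illustration.

```python
import re

# One line of /proc/<pid>/maps: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+(\d+)\s*(.*)$"
)

# Constructed snapshots of two runs of the same (hypothetical) program.
RUN_A = """\
00400000-0040b000 r-xp 00000000 fd:01 131 /usr/bin/demo
3a1c400000-3a1c5b6000 r-xp 00000000 fd:01 262 /usr/lib64/libc-2.17.so
3a1c5b6000-3a1c7b6000 ---p 001b6000 fd:01 262 /usr/lib64/libc-2.17.so
7f3b2c1d4000-7f3b2c1e9000 r-xp 00000000 fd:01 301 /usr/lib64/libz.so.1.2.7
7fff5a3c1000-7fff5a3e2000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-0040b000 r-xp 00000000 fd:01 131 /usr/bin/demo
3a1c400000-3a1c5b6000 r-xp 00000000 fd:01 262 /usr/lib64/libc-2.17.so
3a1c5b6000-3a1c7b6000 ---p 001b6000 fd:01 262 /usr/lib64/libc-2.17.so
7f91e80a2000-7f91e80b7000 r-xp 00000000 fd:01 301 /usr/lib64/libz.so.1.2.7
7ffc0d1aa000-7ffc0d1cb000 rw-p 00000000 00:00 0 [stack]
"""

def library_bases(maps_text):
    """Return {path: lowest mapped address} for file-backed shared objects."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, path = int(m.group(1), 16), m.group(6)
        # Skip pseudo mappings ([heap], [stack], [vdso]) and non-library files.
        if not path.startswith("/") or ".so" not in path.rsplit("/", 1)[-1]:
            continue
        bases[path] = min(start, bases.get(path, start))
    return bases

def fixed_libraries(snapshots):
    """Libraries present in every snapshot whose base never changes."""
    per_run = [library_bases(s) for s in snapshots]
    if len(per_run) < 2:
        raise ValueError("need at least two runs to compare")
    common = set(per_run[0]).intersection(*per_run[1:])
    return sorted(p for p in common if len({r[p] for r in per_run}) == 1)

if __name__ == "__main__":
    for lib in fixed_libraries([RUN_A, RUN_B]):
        print("same base in every run:", lib)
```

On a live system, collect each snapshot from a fresh process, for example by running `cat /proc/self/maps` several times.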