Re: prelink performance gains [summary]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Oct 16, 2013 at 9:44 AM, Jan Kratochvil
<jan.kratochvil@xxxxxxxxxx> wrote:
> What exactly bothers you?  It (generally) speeds up programs startup.
>
> As a summary I see prelink has some bugs:
>  * -y has false mismatches: https://bugzilla.redhat.com/show_bug.cgi?id=666143
>  * %preun does not unprelink: https://bugzilla.redhat.com/show_bug.cgi?id=841434
>  * It has a bug that in some cases it slows down the startup (seen on mplayer).
>    https://lists.fedoraproject.org/pipermail/devel/2013-October/190274.html
>  * It possibly should disable itself to run on very low memory systems as
>    there can be running multiple copies of prelinked/unprelinked binaries.
>
> Plus prelink is affected by bugs in other packages:
>  * cron: It should not run cron.daily(+weekly...) if the user is not idle or
>    if the system is running on battery
>  * systemd should restart daemons which are updated.  For example
>    openssh-server restarts itself in %postuninstall but not all packages do so.
>  * tripwire/rkhunter/...: System verificators should use 'prelink -y'.
>  * FIPS: It should unprelink the whole system if it needs it that way.

I'm not bothered about prelink requiring extra work, you're right that
it is a toolchain optimization work like any other in that regard; but
knowing about these bugs and not having enough people interested in
fixing them does bother me.

> There is remaining security request to have all binaries PIE. IIUC it is for
> the case of untrusted files stored at local filesystem accessed by for example
> gzip where exploits could be reduced by having for example even gzip PIE.
> I do not find it worth the small performance hit but people may disagree.

FESCo has discussed using PIE for all binaries on x86_64 fairly
recently (https://fedorahosted.org/fesco/ticket/1113), and rejected it
due to the performance impact; AFAICS removing prelink would _not_
change the rationale used to make that decision.
    Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux