Am 19.02.2015 um 20:15 schrieb Jakub Jelinek:
On Thu, Feb 19, 2015 at 07:58:10PM +0100, Reindl Harald wrote:Am 19.02.2015 um 19:48 schrieb Till Maas:On Thu, Feb 19, 2015 at 07:07:45PM +0100, Jakub Jelinek wrote:Even on x86_64 it was quite a measurable slowdown last time I've benchmarked it, now in F22+ we might have smaller slowdown with the x86_64 copyreloc forWhich packages are there that do not process untrusted data and are slowed down much?none these days don't process untrusted data and "slowed down much" needs to be defined very well and not only by a syntectitc benchmark throwing numbers around - if it is not noticeable by a user it don't exist and security was, is and always will be a compromise between user expierience in other words: leave me in piece with generic benchmarks and things faster in theory not look at the time for recovery when machines where compromised i ran all network aware services with my own build-overrides with -fstack-protector-all long before fedora considered -fstack-protector-srtong with *zero* difference for daily workloads as exampleI've never argumented against the goal that web browser or all network aware services should be PIEs, after all, why would we (Ulrich Drepper and myself) add the PIE support into the toolchain otherwise? I'm just not convinced most of the unpriviledged programs should be PIEs.
because malware don't need root privileges to do a lot of harmon enduser machines most data is feeded to "unpriviledged programs" and i have not seen much packages the last few years without a CVE - better be safe than sorry!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
