On Thu, Feb 19, 2015 at 12:34 PM, Till Maas <opensource@xxxxxxxxx> wrote:
> On Thu, Feb 19, 2015 at 08:15:19PM +0100, Jakub Jelinek wrote:
>> I've never argued against the goal that web browsers or all network aware
>> services should be PIEs, after all, why would we (Ulrich Drepper and myself)
>> add the PIE support into the toolchain otherwise?
>> I'm just not convinced most of the unprivileged programs should be PIEs.
> Thanks to e.g. e-mail, about any program can be made to run untrusted
> data, e.g. PDF readers, office suites, image viewers, if you open an
> attachment of the respective type. Therefore it makes a sane default
> IMHO. It is also something to attract users that care about security
> very much to Fedora.

https://software.intel.com/en-us/blogs/2014/12/26/new-optimizations-for-x86-in-upcoming-gcc-50-32bit-pic-mode
https://gcc.gnu.org/ml/gcc/2004-06/msg01956.html
From those articles, it sounds like it's a worst case 5-10% hit. I agree that's kind of annoying and a lot of my stuff doesn't even run connected to the internet, but if that 5-10% worst case hit that will usually be imperceptible can prevent my machine from being bitten by some malware that got on the network because someone plugged in a USB drive they shouldn't have, then I'm all for it.