Re: So everything in Rawhide must be compiled with -fPIC?

>> I've never argued against the goal that web browser or all network aware
>> services should be PIEs, after all, why would we (Ulrich Drepper and myself)
>> add the PIE support into the toolchain otherwise?
>> I'm just not convinced most of the unprivileged programs should be PIEs.
>
> Thanks to e.g. e-mail about any program can be made to run untrusted
> data, e.g. PDF readers, office suites, image viewers, if you open an
> attachment of the respective type. Therefore it makes a sane default
> IMHO. It is also something to attract users that care about security
> very much to Fedora.

So you're saying here that this is miraculously going to stop people
from running random binaries that are being emailed to them? Or is it
just going to stop people from running random non PIC/PIE binaries? I
don't buy that this is a miracle fix to that problem. How then does it
affect other third party binaries not compiled with PIC/PIE that
people might wish to run?

Moreover, in the Change request [1] I don't see any evidence with
examples, links to research papers etc on how this makes things more
secure.... all I see is basically "because SECURITY man!!!" . The
feature says "our users less likely become victims of attacks" but
which sort of attacks, how does it improve security? I understand why
we'd want it on remotely accessible daemons and long running back
ground processes, even things like mail clients that connect to the
internet. There is absolutely no technical detail in the change, other
than the technical change to implement it, there's no mention that it
will have an impact on performance, with numbers to back it up, across
the three primary architectures.

Given that the person who actually wrote the code to implement the
actual functionality has grave concerns about its usefulness and
impact to end users and packagers. I'm also concerned that he will be
the person that will need to fix problems that are likely going to be seen
by packagers and not you as the person proposing the change? Do you
have the time and ability to deal with these problems? Having dealt
with these issues across a number of architectures and having had to
ask Jakob nicely for his time and assistance when there's been issues,
from his response I'm not sure you've got his buy in to deal with
this.

Also I've seen no performance analysis across all three architectures
to see the impact. I'll happily send you an XO-1 to test on (our
lowest supported device on i686 and also one of our most widely
deployed Fedora devices) and ARM hardware if you've not got access to
test.

Fedora users tend to keep hardware around for a longer time than a lot
of enterprises, it's also a distro used a lot in the developing world
on low end cheap hardware because the rest of the world isn't
necessarily so privileged as to be able to afford the latest and greatest
and I think we need to consider that alongside "possible" security
improvements!

Peter

[1] https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code