OpenSUSE Tumbleweed Is Now Built With PIE

  • OpenSUSE Tumbleweed Is Now Built With PIE

    Phoronix: OpenSUSE Tumbleweed Is Now Built With PIE

    The rolling-release openSUSE Tumbleweed distribution is now building its packages with PIE (Position Independent Executables) as the default...

    http://www.phoronix.com/scan.php?pag...Tumbleweed-PIE

  • #2
    sounds like ffmpeg won't run anymore in Tumbleweed.


    • #3
      Originally posted by starshipeleven
      sounds like ffmpeg won't run anymore in Tumbleweed.
      Does it? It only means that PIE is enabled by default, but it might still be disabled for specific packages. The Android change mentioned on the Ubuntu thread was about the OS refusing to load non-PIE binaries, but that's a different thing.


      • #4
        Originally posted by GrayShade
        Does it? It only means that PIE is enabled by default, but it might still be disabled for specific packages. The Android change mentioned on the Ubuntu thread was about the OS refusing to load non-PIE binaries, but that's a different thing.
        If it's disabled on select packages, then it's much less interesting than I thought.


        • #5
          Originally posted by starshipeleven
          If it's disabled on select packages, then it's much less interesting than I thought.
          That's what the article and mail say:

          While I am still fixing some stragglers where the default did not trigger,
          and subtracting the packages where PIE was too tricky currently (emacs,
          qemu, small number of others), I would estimate a 97% coverage at
          this time. An rpmlint check will be added.



          • #6
            Originally posted by GrayShade
            That's what the article and mail say:
            Yeah I read it, I assumed that "subtracting" meant that the packages where PIE couldn't be enabled were not available. I can concede that it is not worded in a very clear way.

            Maybe FFmpeg is available but with assembly optimizations disabled (so it is quite a bit slower).


            • #7
              All in the name of security and address space randomization. I hope they realize that when everything is position independent then malware also has it easier to inject code since it can move code around more freely. If this trade-off is worth anything is still questionable to me. The 2%-5% performance hit most code sees when compiled as PIE is however real.


              • #8
                Originally posted by sdack
                All in the name of security and address space randomization. I hope they realize that when everything is position independent then malware also has it easier to inject code since it can move code around more freely.
                Assuming that what you said is right (I don't think it is), then it still needs to guess where stuff he wants to relocate is.


                • #9
                  Fiver


                  • #10
                    If I'm understanding correctly, this seems like the wrong solution to a common problem.

                    Sounds like trying a hammer on screws.
