This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: RFC: Add --enable-static-pie to build static executables as PIE
On 07/18/2017 09:10 AM, H.J. Lu wrote:
> On Tue, Jul 18, 2017 at 6:08 AM, Carlos O'Donell <carlos@redhat.com> wrote:
>> On 07/18/2017 08:30 AM, H.J. Lu wrote:
>>>> - What practical benefit do you get with a "static PIE"?
>>>
>>> A static PIE can be loaded at random address without
>>> dynamic linker.
>>
>> This is just a restating of what it does, Alan asked what practical
>> benefit it would have. What use cases do you see? Do you see us
>> completely replacing non-PIE static binaries with PIE static binaries
>> and then randomizing their load address to improve security?
>>
>
> Yes. That is the main use of PIE, isn't it?

Yes, distributions use PIE for security hardening.

Do you foresee any other uses?

What problems would we face in adopting PIE static binaries at the
distribution level?

How much bigger/slower are the code sequences for PIE static
binaries? I assume it is just the normal difference between non-PIC
vs. PIC?

--
Cheers,
Carlos.
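
For auditing the hardening discussed in this thread, the sketch below classifies an ELF image as static or dynamic and PIE or non-PIE from its file header and program headers. It is an added example, not part of the original message or of glibc; the function names `classify` and `sample` and the sample images are constructed for illustration, and only little-endian ELF64 is handled.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3                      # e_type: fixed-address vs position-independent
PT_INTERP = 3                               # segment that names the dynamic linker
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 little-endian file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header (56 bytes)

def classify(image: bytes) -> str:
    """Return the link style and PIE-ness of a little-endian ELF64 image."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    fields = EHDR.unpack_from(image)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    if e_phentsize < PHDR.size or e_phoff + e_phnum * e_phentsize > len(image):
        raise ValueError("truncated or malformed program header table")
    types = {PHDR.unpack_from(image, e_phoff + i * e_phentsize)[0]
             for i in range(e_phnum)}
    needs_loader = PT_INTERP in types
    if e_type == ET_DYN:
        # Caveat: a shared library is also ET_DYN without PT_INTERP, so this
        # check alone cannot tell a static PIE from a .so file.
        return "dynamic PIE" if needs_loader else "static PIE"
    if e_type == ET_EXEC:
        return "dynamic non-PIE" if needs_loader else "static non-PIE"
    raise ValueError("not an executable (e_type=%d)" % e_type)

def sample(e_type: int, ptypes: list) -> bytes:
    """Constructed minimal image: file header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELF64, LSB, version 1
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)

if __name__ == "__main__":
    if len(sys.argv) > 1:                   # classify real files given as arguments
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, classify(fh.read()))
    else:                                   # otherwise show the constructed samples
        for e_type, ptypes in [(ET_EXEC, [1]), (ET_DYN, [1, 2]), (ET_DYN, [1, 3, 2])]:
            print(classify(sample(e_type, ptypes)))
```
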