Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD + ASLR



On Fri, Jul 18, 2008 at 05:58:14PM -0400, Christos Zoulas wrote:
> You can build everything PIE if you set MKPIE=yes in /etc/mk.conf.
> Note that I have not built a complete PIE system, or turned on
> security.pax.aslr.global. If you do that you are on your own :-)

Few words about personal experiences.

I haven't tried building a system with MKPIE=yes lately because it was
broken a long time somewhere in the path of 4.99.x. Compared to this,
USE_SSP=yes has been much more stable.

But I have used security.pax.aslr.global ever since it was introduced. As
long as I remember to temporarily turn it off when compiling something,
everything is fine and haven't noticed any stability or performance impacts
whatsoever.


Regards,

Jukka R.


Home | Main Index | Thread Index | Old Index