Subject: Re: Importing PaX features to NetBSD
To: None <email@example.com>
From: Matt Thomas <firstname.lastname@example.org>
Date: 12/18/2005 16:12:45
> On 18 Dec 2005 at 13:49, Matt Thomas wrote:
>>PIE? Ewww. :) PIE was primarily intended for small embedded systems.
> i think you're mixing it up with something else, PIE was explicitly
> created to address the main executable randomization problem :
> "This option creates something between a shared library and normal
> executable, which can be used for security exposed binaries so that their
> base address can be randomized (either a constant address different on
> each box through prelink -R (support for PIEs in prelink will be coming),
> or totally random address)."
PIE also forces a portion of .text to be nonshared (any relative relocations
that could be fixed in a based image will no longer be shared among multiple
processes). It will increase the complexity of program loading which is
already very complex.
Are all programs built/linked as PIE, or just a subset?
Matt Thomas email: email@example.com
3am Software Foundry www: http://3am-software.com/bio/matt/
Cupertino, CA disclaimer: I avow all knowledge of this message.
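
Added example, not part of the original message: one way to check which binaries on a system are PIE and whether any carry text relocations (DT_TEXTREL marks an object whose relocations touch a non-writable segment, the case where text pages end up as private copies). It assumes 64-bit little-endian ELF, treats an ET_DYN image with PT_INTERP as PIE (a heuristic), and uses constructed header-only sample images built by the hypothetical helper `build_sample`.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 22, 30, 0x4

def classify_elf(data):
    """Return (kind, has_textrel) for a 64-bit little-endian ELF image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_interp, textrel = False, False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True  # program, not a plain library (heuristic)
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                    textrel = True  # relocations patch read-only pages
    if e_type == ET_EXEC:
        kind = "fixed-address executable"
    elif e_type == ET_DYN:
        kind = "PIE" if has_interp else "shared object"
    else:
        kind = "other"
    return kind, textrel

def build_sample(e_type, interp, dyn_tags):
    """Constructed header-only ELF64 image used as sample input."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    phdrs = [(PT_DYNAMIC, 64 + 56 * (2 if interp else 1), len(dyn))]
    if interp:
        phdrs.append((PT_INTERP, 0, 0))
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, 56, len(phdrs), 0, 0, 0)
    ph = b"".join(struct.pack("<IIQQQQQQ", t, 4, off, 0, 0, sz, sz, 8)
                  for t, off, sz in phdrs)
    return ehdr + ph + dyn

if __name__ == "__main__":
    for a in [(ET_EXEC, True, []), (ET_DYN, True, []), (ET_DYN, True, [(DT_TEXTREL, 0)])]:
        print(a, classify_elf(build_sample(*a)))
```

To audit real files, pass `open(path, "rb").read()` to `classify_elf` for each binary of interest.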