Subject: Re: Importing PaX features to NetBSD
To: None <>
From: Matt Thomas <>
List: tech-security
Date: 12/18/2005 16:12:45 wrote:
> On 18 Dec 2005 at 13:49, Matt Thomas wrote:
>>PIE?  Ewww. :)  PIE was primarily intended for small embedded systems.
> i think you're mixing it up with something else, PIE was explicitly
> created to address the main executable randomization problem [1]:
> "This option creates something between a shared library and normal
> executable, which can be used for security exposed binaries so that their
> base address can be randomized (either a constant address different on
> each box through prelink -R (support for PIEs in prelink will be comming),
> or totally random address)."

PIE also forces a portion of .text to be nonshared (any relative relocations
that could be fixed in a based image will no longer be shared among multiple
processes).  It will increase the complexity of program loading which is
already very complex.

Are all programs built/linked at PIE, or just a subset?
Matt Thomas                     email:
3am Software Foundry              www:
Cupertino, CA              disclaimer: I avow all knowledge of this message.