tech-userlevel archive


Re: tcpdump: drop privileges by default?



In article 
<4f68037e0909091308k65f5e821m95751cbc10e9d143%mail.gmail.com@localhost>,
Elad Efrat  <elad%NetBSD.org@localhost> wrote:
>On Wed, Sep 9, 2009 at 3:59 PM, Thor Lancelot Simon <tls%panix.com@localhost> wrote:
>
>> I think [tcpdump], and a lot of similar things, should be paxctl +A +M at
>> install time.  What do you think?
>
>I agree but think we should probably do that in -current long enough
>before a release happens so it gets thoroughly tested. I know our ASLR
>doesn't work too well with some programs yet.

To take advantage of ASLR, you should build PIE binaries. Otherwise only
the stack segment and the shared libraries get randomized. The issues
with making PIE the default are performance and stability.

christos
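
One way to check whether an installed binary such as tcpdump was built as PIE, added here as an example that is not part of the original message or of NetBSD's tooling. It assumes the usual heuristic that `ET_EXEC` means fixed-address and `ET_DYN` with a `PT_INTERP` segment means a PIE program (static PIE and some shared libraries break this rule); the function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum elf_kind { ELF_OTHER, FIXED_EXEC, PIE_EXEC, SHARED_OBJ };

/* Read an n-byte unsigned field in the file's own byte order. */
static uint64_t rd(const uint8_t *p, int n, int msb) {
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[msb ? i : n - 1 - i];
    return v;
}

/* Heuristic: ET_EXEC is fixed-address; ET_DYN with PT_INTERP is a PIE program. */
enum elf_kind classify_elf(const uint8_t *b, size_t len) {
    if (len < 52 || memcmp(b, "\177ELF", 4) != 0) return ELF_OTHER;
    if ((b[4] != 1 && b[4] != 2) || (b[5] != 1 && b[5] != 2)) return ELF_OTHER;
    int is64 = (b[4] == 2), msb = (b[5] == 2);
    if (is64 && len < 64) return ELF_OTHER;
    uint64_t type = rd(b + 16, 2, msb);
    if (type == 2) return FIXED_EXEC;   /* ET_EXEC: loaded at link-time addresses */
    if (type != 3) return ELF_OTHER;    /* not ET_DYN (relocatable, core, ...) */
    uint64_t phoff = is64 ? rd(b + 32, 8, msb) : rd(b + 28, 4, msb);
    uint64_t phentsize = rd(b + (is64 ? 54 : 42), 2, msb);
    uint64_t phnum = rd(b + (is64 ? 56 : 44), 2, msb);
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = i * phentsize;   /* bounds-checked without overflow */
        if (phoff > len || off > len - phoff || len - phoff - off < 4) break;
        if (rd(b + phoff + off, 4, msb) == 3) return PIE_EXEC;   /* PT_INTERP */
    }
    return SHARED_OBJ;                  /* ET_DYN with no interpreter seen */
}

int main(int argc, char **argv) {
    /* Constructed sample: bare ELF64 little-endian header with e_type = ET_EXEC. */
    static uint8_t buf[1 << 16] = { 0x7f, 'E', 'L', 'F', 2, 1, 1, [16] = 2 };
    static const char *names[] = { "other", "fixed-address", "PIE", "shared object" };
    size_t n = 64;
    if (argc > 1) {                     /* or inspect the head of a real file */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
    }
    printf("%s\n", names[classify_elf(buf, n)]);
    return 0;
}
```

Run with a path argument to classify a real file; only the first 64 KiB is read, which covers the ELF header and the program header table in normally linked binaries.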


