pageexec@freemail.hu wrote:
> On 18 Dec 2005 at 13:49, Matt Thomas wrote:
>>PIE?  Ewww. :)  PIE was primarily intended for small embedded systems.
> 
> 
> i think you're mixing it up with something else, PIE was explicitly
> created to address the main executable randomization problem [1]:
> 
> "This option creates something between a shared library and normal
> executable, which can be used for security exposed binaries so that their
> base address can be randomized (either a constant address different on
> each box through prelink -R (support for PIEs in prelink will be comming),
> or totally random address)."

PIE also forces a portion of .text to be nonshared (any relative relocations
that could be fixed in a based image will no longer be shared among multiple
processes).  It will increase the complexity of program loading which is
already very complex.

Are all programs built/linked at PIE, or just a subset?
-- 
Matt Thomas                     email: matt@3am-software.com
3am Software Foundry              www: http://3am-software.com/bio/matt/
Cupertino, CA              disclaimer: I avow all knowledge of this message.