On Thu, Feb 19, 2015 at 12:34 PM, Till Maas <opensou...@till.name> wrote:
> On Thu, Feb 19, 2015 at 08:15:19PM +0100, Jakub Jelinek wrote:
>
> > I've never argued against the goal that web browser or all network aware
> > services should be PIEs, after all, why would we (Ulrich Drepper and myself)
> > add the PIE support into the toolchain otherwise?
> > I'm just not convinced most of the unprivileged programs should be PIEs.
>
> Thanks to e.g. e-mail about any program can be made to run untrusted
> data, e.g. PDF readers, office suites, image viewers, if you open an
> attachment of the respective type. Therefore it makes a sane default
> IMHO. It is also something to attract users that care about security
> very much to Fedora.

https://software.intel.com/en-us/blogs/2014/12/26/new-optimizations-for-x86-in-upcoming-gcc-50-32bit-pic-mode
https://gcc.gnu.org/ml/gcc/2004-06/msg01956.html

From those articles, it sounds like it's a worst case 5-10% hit. I agree that's kind of annoying and a lot of my stuff doesn't even run connected to the internet, but if that 5-10% worst case hit that will usually be imperceptible can prevent my machine from being bitten by some malware that got on the network because someone plugged in a USB drive they shouldn't have, then I'm all for it.