2011.Február 27.(V) 17:33 időpontban Ed W ezt írta: > On 27/02/2011 08:20, klondike wrote: >> 2011/2/27 Ed W<li...@wildgooses.com>: >>> On 26/02/2011 18:01, Magnus Granberg wrote: >>>> If you have read the last meeting we will be removing the pic use flag >>>> as >>>> default on in the hardened amd64 profile. We will start with the >>>> changes >>>> when >>>> the new structure to the profiles have settled down. >>> Hi, any chance of a bit of background on this change? ie the "why" and >>> some >>> of the implications? >> Summing it up a lot, amd64 usually needs not special asm code for PIC >> due to the way the ABI is defined (which means being PIC by default >> usually). >> >> That's not always the case, i.e. aircrack needed special PIC code, but >> in general it shouldn't be a problem. >> > > Sorry to probe further, but I'm not getting the big picture (durr) > > I think what you are saying is that using PIC requires some special > handling (but that work seems largely done now?). However, does > removing PIC leave the AMD64 architecture "less secure" in some way? Or
Using the ABI produces PIC-aware code in most cases without any special treatment. > is some other procedure now replacing PIC? > > My minimal understanding is that PIC is a key part of the address space > randomisation that is considered useful for system hardening. Where does > removing PIC leave us in that process? Removing PIC won't result in non-PIC code on amd64 in most cases. Dw.
