On 11/15/2011 04:57 PM, Anthony Liguori wrote: > On 11/15/2011 05:25 AM, Peter Maydell wrote: >> On 15 November 2011 09:34, Avi Kivity<a...@redhat.com> wrote: >>> Change the default on x86 hosts to building PIE (position independent >>> executables); instead of restricting the option to user-only targets, >>> apply it to all targets. >>> >>> In addition, set the relocation sections to read-only (relro) when >>> available; >>> this reduces the attack surface by disallowing changes to relocation >>> tables >>> at runtime. >>> >>> While PIE reduces performance and relro increases load time, it greatly >>> improves security, with the potential to reduce a code execution >>> vulnerability >>> to a self denial of service. >>> >>> Non-x86 are not changed, as they require TCG changes. >>> >>> Signed-off-by: Avi Kivity<a...@redhat.com> >> >> Reviewed-by: Peter Maydell<peter.mayd...@linaro.org> >> >> ...as far as the technical content of the patch is concerned. >> I'm still rather dubious about the merits of putting this patch >> in this late in the release cycle. > > How about we limit this to be enabled by default on x86 Linux hosts? > > That would make me a lot more comfortable for 1.0 since I expect we > can test that exhaustively.
It certainly suits me. v8 coming up. -- error compiling committee.c: too many arguments to function
