This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: RFC: Add --enable-static-pie to build static executables as PIE
On Tue, Jul 18, 2017 at 6:14 AM, Carlos O'Donell <carlos@redhat.com> wrote:
> On 07/18/2017 09:10 AM, H.J. Lu wrote:
>> On Tue, Jul 18, 2017 at 6:08 AM, Carlos O'Donell <carlos@redhat.com> wrote:
>>> On 07/18/2017 08:30 AM, H.J. Lu wrote:
>>>>> - What practical benefit do you get with a "static PIE"?
>>>>
>>>> A static PIE can be loaded at random address without
>>>> dynamic linker.
>>>
>>> This is just a restating of what it does, Alan asked what practical
>>> benefit it would have. What use cases do you see? Do you see us
>>> completely replacing non-PIE static binaries with PIE static binaries
>>> and then randomizing their load address to improve security?
>>>
>>
>> Yes. That is the main use of PIE, isn't it?
>
> Yes, distributions use PIE for security hardening.
>
> Do you forsee any other uses?
I am not aware of it.
> What problems would we face in adopting PIE static binaries at the
> distribution level?
Nothing I can see.
> How much bigger/slower are the code sequences for PIE static
> binaries? I assume it is just the normal difference between non-PIC
> vs. PIC?
It is just PIE vs non-PIE. For size
Non-PIE;
[hjl@gnu-tools-1 build-x86_64-linux]$ size elf/sln
text data bss dec hex filename
603214 8268 5488 616970 96a0a elf/sln
[hjl@gnu-tools-1 build-x86_64-linux]$
PIE:
[hjl@gnu-tools-1 build-x86_64-linux]$ size elf/sln
text data bss dec hex filename
629171 20620 5424 655215 9ff6f elf/sln
[hjl@gnu-tools-1 build-x86_64-linux]$
--
H.J.