This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: RFC: Add --enable-static-pie to build static executables as PIE

From: Carlos O'Donell <carlos at redhat dot com>
To: "H.J. Lu" <hjl dot tools at gmail dot com>
Cc: Alan Modra <amodra at gmail dot com>, Rich Felker <dalias at libc dot org>, GNU C Library <libc-alpha at sourceware dot org>
Date: Tue, 18 Jul 2017 09:14:22 -0400
Subject: Re: RFC: Add --enable-static-pie to build static executables as PIE
Authentication-results: sourceware.org; auth=none
References: <CAMe9rOpAVyDYwe5o3S+0T96Ryeug=qHwgbQguGL4kaqJOrKViw@mail.gmail.com> <20170717222937.GQ1627@brightrain.aerifal.cx> <CAMe9rOozp6T25FzpP41S+PaWmANa955=K8hZcFagmFfoaQKgSA@mail.gmail.com> <20170718042500.GI14520@bubble.grove.modra.org> <CAMe9rOq3h1mvrLUn7CQ9vJ=NmERhr=Hb1KHu7-zkA6aKKT7WHA@mail.gmail.com> <c4629cca-3000-d7d3-28c8-d2142fcc4cfd@redhat.com> <CAMe9rOpkqOLqXCZQDVSd0xKWEJFZLCaDXpQw5hdtx_Hhs74aiQ@mail.gmail.com>

On 07/18/2017 09:10 AM, H.J. Lu wrote:
> On Tue, Jul 18, 2017 at 6:08 AM, Carlos O'Donell <carlos@redhat.com> wrote:
>> On 07/18/2017 08:30 AM, H.J. Lu wrote:
>>>> - What practical benefit do you get with a "static PIE"?
>>>
>>> A static PIE can be loaded at random address without
>>> dynamic linker.
>>
>> This is just a restating of what it does, Alan asked what practical
>> benefit it would have. What use cases do you see? Do you see us
>> completely replacing non-PIE static binaries with PIE static binaries
>> and then randomizing their load address to improve security?
>>
> 
> Yes.  That is the main use of PIE, isn't it?

Yes, distributions use PIE for security hardening.

Do you forsee any other uses?

What problems would we face in adopting PIE static binaries at the
distribution level?

How much bigger/slower are the code sequences for PIE static
binaries? I assume it is just the normal difference between non-PIC
vs. PIC?

-- 
Cheers,
Carlos.

Follow-Ups:
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: Adhemerval Zanella
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: H.J. Lu

References:
- RFC: Add --enable-static-pie to build static executables as PIE
  - From: H.J. Lu
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: Rich Felker
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: H.J. Lu
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: Alan Modra
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: H.J. Lu
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: Carlos O'Donell
- Re: RFC: Add --enable-static-pie to build static executables as PIE
  - From: H.J. Lu

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]