This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: RFC: Add --enable-static-pie to build static executables as PIE



On 18/07/2017 10:14, Carlos O'Donell wrote:
> On 07/18/2017 09:10 AM, H.J. Lu wrote:
>> On Tue, Jul 18, 2017 at 6:08 AM, Carlos O'Donell <carlos@redhat.com> wrote:
>>> On 07/18/2017 08:30 AM, H.J. Lu wrote:
>>>>> - What practical benefit do you get with a "static PIE"?
>>>>
>>>> A static PIE can be loaded at random address without
>>>> dynamic linker.
>>>
>>> This is just a restating of what it does, Alan asked what practical
>>> benefit it would have. What use cases do you see? Do you see us
>>> completely replacing non-PIE static binaries with PIE static binaries
>>> and then randomizing their load address to improve security?
>>>
>>
>> Yes.  That is the main use of PIE, isn't it?
>  
> Yes, distributions use PIE for security hardening.
> 
> Do you foresee any other uses?
> 
> What problems would we face in adopting PIE static binaries at the
> distribution level?
> 
> How much bigger/slower are the code sequences for PIE static
> binaries? I assume it is just the normal difference between non-PIC
> vs. PIC?
> 

Also, do you know what the status of current ports is regarding binutils
support for static PIE?

For GLIBC, do you know which kind of port modifications would be required
to adapt it to support it?

