Re: Question about PIEs
- From: Arjan van de Ven <arjan infradead org>
- To: "Red Hat Enterprise Linux 4 (Nahant) Discussion List" <nahant-list redhat com>
- Subject: Re: Question about PIEs
- Date: Thu, 20 Apr 2006 22:40:23 +0200
On Thu, 2006-04-20 at 13:20 -0700, Jeffrey Siegal wrote:
> On Apr 20, 2006, at 13:17 , Arjan van de Ven wrote:
> I was thinking more about the rest of the apps on the system -- the
> "lower risk" ones. Wouldn't there be some benefit to making those
> PIEs and letting the prelinker choose a random (per system) address?

not a lot. PIE is not really THAT important in the grand scheme of
things. Don't get me wrong, there is a non-zero value for security, but
the costs are also high (20% performance or so). There are other
measures that are lighter that get you a bigger bang for the buck
(FORTIFY_SOURCE for example). For the "really hot ones" it makes sense
to do it anyway. For the others... not really.

Think of it this way: you use PIE to protect against repeated, remote
attacks. For local attacks your proposal to prelink them would void the
advantage entirely: PIE works because each time it's different (for
remote). If you're local and it's the same for a prolonged period of
time, you've gained nothing. So: prelink+PIE to defend against local
attacks gains you exactly zero, but costs you 20% in performance.
NotUseful(tm).

For defending against remote it makes sense, but the stakes are so much
higher there that you'll also want to pay the no-prelink price. (since
most network daemons are long-lived, this no-prelink price isn't all
that high in practice anyway for these specific applications)

Does this make sense?

Greetings,
Arjan van de Ven
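
An added example, not part of the original message: a small audit helper that reads an ELF header and reports whether a binary is linked at a fixed address, is a PIE, or is a PIE carrying prelink markers (the per-system address case discussed above). It assumes little-endian ELF64 input and that prelink leaves the `DT_GNU_PRELINKED` or `DT_GNU_LIBLIST` dynamic tags; `classify` and `build_sample` are hypothetical names, and the sample images are constructed.

```python
import struct

ET_EXEC, ET_DYN = 2, 3            # e_type values from the ELF specification
PT_DYNAMIC, PT_INTERP = 2, 3      # program header types
# Assumption: prelink leaves these dynamic tags (names from glibc's elf.h).
PRELINK_TAGS = {0x6ffffdf5, 0x6ffffef9}  # DT_GNU_PRELINKED, DT_GNU_LIBLIST

def classify(elf: bytes) -> str:
    """Say how a little-endian ELF64 image gets its load address."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    has_interp = prelinked = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                (d_tag,) = struct.unpack_from("<q", elf, off)
                if d_tag == 0:                      # DT_NULL ends the table
                    break
                prelinked = prelinked or d_tag in PRELINK_TAGS
    if e_type == ET_EXEC:
        return "non-pie"          # linked at a fixed address
    if e_type == ET_DYN and has_interp:
        # Prelinked PIE: the per-system address case the message discusses.
        return "pie-prelinked" if prelinked else "pie"
    return "other"                # e.g. a shared library

def build_sample(e_type: int, interp: bool, dyn_tags: list) -> bytes:
    """Constructed test image: ELF header, two program headers, dynamic tags."""
    dyn = b"".join(struct.pack("<qQ", t, 0) for t in dyn_tags + [0])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    phdrs = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 176, 0, 0, len(dyn), len(dyn), 8)
    phdrs += struct.pack("<IIQQQQQQ", PT_INTERP if interp else 0, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    for name, img in [("daemon", build_sample(ET_DYN, True, [1])),
                      ("prelinked", build_sample(ET_DYN, True, [1, 0x6ffffdf5])),
                      ("classic", build_sample(ET_EXEC, True, [1]))]:
        print(name, classify(img))
```

On a real system, pass the bytes of a binary read with `open(path, "rb").read()`; a "pie" result only means the address can vary per execution if kernel address randomization is enabled.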