[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: prelink: is it worth it?

On Sat, Jul 11, 2009 at 12:26 AM, Jakub Jelinek <jakub redhat com> wrote:
On Fri, Jul 10, 2009 at 11:29:43PM +0200, yersinia wrote:
> Ok. But prelink it or not a requisite for ASLR or not ? In other word,
> besides performance
> is disabling prelink a security matter or not ? It is not bad to have some
> answer on this.

ASLR happens with prelink or without.  Particularly, PIEs (should be used
for most of suid/network facing or otherwise security exposed programs) are
always randomized, both the binary itself and all shared libraries it uses.

Other than that, on prelinked system libraries are assigned random addresses
whenever reprelinked, while when not prelinked, libraries are given random
addresses on every exec.  Non-PIE binaries have always fixed address.


Thank a lot for your answer: this was a delicate and very interesting issue, for me almost.

Best regards

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]