Re: Bug#430455: openssh PIEs, part II
On Wed, Jun 27, 2007 at 12:00:04AM +0000, Thorsten Glaser wrote:
> As for the PIEs, kFreeBSD 6.x kernel has gained a patch to support
> executing PIEs some time ago (since I only tested 5.4 and 7.0 I had
> not known that, plus I'm not exactly a heavy Debian user...), and
> they backported the fix to the 5.x kernel series (the 7.0 series are,
> according to the developers, "experimental", and outdated).
To be honest, since it isn't mandatory, I'd rather not have the support
headache for a while.
> So there is no need on your part to not build PIEs on kFreeBSD any
> more. (I wonder what the benefit of a PIE is, do you happen to have
> a pointer to some docs/manual on it? I know (now) in theory what a
> PIE is, but don't see the point.)
It lets us take advantage of address space layout randomisation to make
stack-smashing attacks harder.
Cheers,
--
Colin Watson [cjwatson@debian.org]