[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#430455: openssh PIEs, part II

On Wed, Jun 27, 2007 at 12:00:04AM +0000, Thorsten Glaser wrote:
> As for the PIEs, kFreeBSD 6.x kernel has gained a patch to support
> executing PIEs some time ago (since I only tested 5.4 and 7.0 I had
> not known that, plus I'm not exactly a heavy Debian user...), and
> they backported the fix to the 5.x kernel series (the 7.0 series are,
> according to the developers, "experimental", and outdated).

To be honest, since it isn't mandatory, I'd rather not have the support
headache for a while.

> So there is no need on your part to not build PIEs on kFreeBSD any
> more. (I wonder what the benefit of a PIE is, do you happen to have
> a pointer to some docs/manual on it? I know (now) in theory what a
> PIE is, but don't see the point.)

It lets us take advantage of address space layout randomisation to make
stack-smashing attacks harder.


Colin Watson                                       [cjwatson@debian.org]

Reply to: