
Re: Bug#430455: openssh PIEs, part II



On Wed, Jun 27, 2007 at 12:00:04AM +0000, Thorsten Glaser wrote:
> As for the PIEs, kFreeBSD 6.x kernel has gained a patch to support
> executing PIEs some time ago (since I only tested 5.4 and 7.0 I had
> not known that, plus I'm not exactly a heavy Debian user...), and
> they backported the fix to the 5.x kernel series (the 7.0 series are,
> according to the developers, "experimental", and outdated).

To be honest, since it isn't mandatory, I'd rather not have the support
headache for a while.

> So there is no need on your part to not build PIEs on kFreeBSD any
> more. (I wonder what the benefit of a PIE is, do you happen to have
> a pointer to some docs/manual on it? I know (now) in theory what a
> PIE is, but don't see the point.)

It lets us take advantage of address space layout randomisation to make
stack-smashing attacks harder.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]


