On 07/27/2011 04:09 PM, Kees Cook wrote:
- there needs to be a way to identify those architectures that are "register starved", since those should _not_ get the PIE flags by default (e.g. i386 should not get PIE, but amd64 should get PIE by default). Right now if one uses hardening-wrapper, it's expected that everything that can be enabled is enabled, so you gain PIE even on i386 at the moment.
please communicate the trade off even for amd64. It's measurable, and I don't see any value in slowing down cc1* for this.
Matthias