On Sun, May 22, 2016 at 10:41:56AM +0200, Christian Seiler wrote: > => however, -fPIC code is again slightly slower and > larger than -fPIE code. Really? I thought the idea is the same in both modes. > So in the end in boils down to the following: > > A. From a hardening perspective, any code that is added to > static libraries should be compiled with -fPIE if the static > library will only ever be used in executables, and with > -fPIC if it also might be used in shared libraries. > (Although, to be honest, that use case is a bit rarer.) This, of course, assumes all executables using that library will be compiled with -fPIE. > B. From a performance perspective, using non-PIC/PIE code is > faster, though not necessarily by much anymore. It was worth mentioning only for i386 anyway. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature