
Re: Time to reevaluate the cost of -fPIC?



On 14 May 2016 at 21:12, Niels Thykier <niels@thykier.net> wrote:
> Marco d'Itri:
>> On May 03, Josh Triplett <josh@joshtriplett.org> wrote:
>>
>>> While this doesn't make PIC absolutely free, it does eliminate almost
>>> all of the cost, to the point that it no longer seems worthwhile to
>>> build without -fPIC.  Apart from that, building *all* code with -fPIC
>>> (including both programs and libraries) helps with hardening.
>> I think that this is worth exploring.
>> Did you check what other (relevant) distributions are doing?
>>
>
> Fedora seems to be doing -fPIE by default for executables[1] - targeting
> Fedora 23.  Known issues they ran into can be found at [2].
>   I also found the following PPA [3]. Cannot say if it is official or
> just a personal interest from the PPA owner.
>

Ubuntu 16.04 LTS on s390x has -fPIE and bind now

Ubuntu 16.10 on amd64, ppc64el, s390x has -fPIE and bind now

In general, features like these for Ubuntu are tracked by the Security team at:

https://wiki.ubuntu.com/Security/Features

And bind-now needs fixing on that page.

-- 
Regards,

Dimitri.

