Re: Time to reevaluate the cost of -fPIC?
On 14 May 2016 at 21:12, Niels Thykier <niels@thykier.net> wrote:
> Marco d'Itri:
>> On May 03, Josh Triplett <josh@joshtriplett.org> wrote:
>>
>>> While this doesn't make PIC absolutely free, it does eliminate almost
>>> all of the cost, to the point that it no longer seems worthwhile to
>>> build without -fPIC. Apart from that, building *all* code with -fPIC
>>> (including both programs and libraries) helps with hardening.
>> I think that this is worth exploring.
>> Did you check what other (relevant) distributions are doing?
>>
>
> Fedora seems to be doing -fPIE by default for executables[1] - targeting
> Fedora 23. Known issues they ran into can be found at [2].
> I also found the following PPA [3]. Cannot say if it is official or
> just a personal interest from the PPA owner.
>
Ubuntu 16.04 LTS on s390x has -fPIE and bind now
Ubuntu 16.10 on amd64, ppc64el, s390x has -fPIE and bind now
In general, features like these for Ubuntu are tracked by the Security team at:
https://wiki.ubuntu.com/Security/Features
And bind-now needs fixing on that page.
--
Regards,
Dimitri.