On Tue, Jan 29, 2008 at 10:31:48PM +0000, Moritz Muehlenhoff wrote:
> There are certainly performance trade-offs involved and the final
> selection of features will depend on the testing of the respective
> maintainers (testing should be eased by hardening-wrapper).

I understand. To be fair, I'm worried about the implications of the SSP, FORTIFY_SOURCE and PIE proposals. The others look fine, but those three may have very important performance issues embedded.

* SSP has a cost proportional to the number of calls an application performs (if I'm correct), which in CPU intensive tasks may become an issue.
* FORTIFY_SOURCE=2 checks memcpy and memmove, though other functions it checks should just not be used and applications being too slow because of them should just be shot down.
* PIE is just IMHO not an option on x86 :/

Though probably someone should come up with some benchmarks. The usual culprits (multimedia libraries, html renderers, xml processors, …) all provide easily deployed bench, and before we go any further I'd like to see some numbers. If it's say less than a percent, okay I'm all for it. If we have more than 10% performance losses because of that, then we implicitly ask our users to sometimes buy faster machines (I know many people having installations where their multimedia player eats 80% CPU while decoding a film because they run it on old hardware, we may just kill this kind of use, and I would be sorry).

-- 
·O·  Pierre Habouzit
··O  [EMAIL PROTECTED]
OOO  http://www.madism.org