On Tue, Sep 27, 2011 at 06:01:54PM -0700, Kees Cook wrote: > Just to be explicit, PIE tends to have small (<1%) performance hits on > register-starved architectures (i386) in most cases, for for certain work > loads (e.g. python) the hit is large (~15%). On architectures with plenty > of registers (amd64) there's virtually no measurable performance hit that > I've seen. > If your package handles 3rd party data of any kind (renders, network > daemons, file parsers, etc), I strongly recommend enabling PIE.
However, on 32bit architectures address space randomizing (which is why people try sell PIE as a security feature) does not add much security. http://benpfaff.org/papers/asrandom.pdf Riku -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110928195215.ga24...@afflict.kos.to
