Re: PIE and static libraries

2016-09-18 Thread Florian Weimer
* Jiri Jaburek: > On 09/12/16 13:42, Jakub Wilk wrote: >> * Bálint Réczey, 2016-09-12, 13:21: Reading up on the subject so far, I got the impression that most static libraries should be built with PIE, but not necessarily PIC (to allow building PIE(xecutable)s, but discourage creat

Re: PIE and static libraries

2016-09-12 Thread Jiri Jaburek
On 09/12/16 13:42, Jakub Wilk wrote: > * Bálint Réczey, 2016-09-12, 13:21: >>> Reading up on the subject so far, I got the impression that most >>> static libraries should be built with PIE, but not necessarily PIC >>> (to allow building PIE(xecutable)s, but discourage creating shared >>> librarie

Re: PIE and static libraries

2016-09-12 Thread Markus Wanner
On 09/12/2016 01:42 PM, Jakub Wilk wrote: > * Bálint Réczey, 2016-09-12, 13:21: >>> Reading up on the subject so far, I got the impression that most >>> static libraries should be built with PIE, but not necessarily PIC >>> (to allow building PIE(xecutable)s, but discourage creating shared >>> lib

Re: PIE and static libraries

2016-09-12 Thread Jakub Wilk
* Bálint Réczey, 2016-09-12, 13:21: Reading up on the subject so far, I got the impression that most static libraries should be built with PIE, but not necessarily PIC (to allow building PIE(xecutable)s, but discourage creating shared libraries from those static ones.) How does it discourage

Re: PIE and static libraries

2016-09-12 Thread Mattia Rizzolo
On Mon, Sep 12, 2016 at 01:21:55PM +0200, Bálint Réczey wrote: > There is a (still growing:-)) list in here which includes other PIE > related issues: > https://udd.debian.org/cgi-bin/bts-usertags.cgi?tag=pie-bindnow-20160906&user=balint%40balintreczey.hu btw, I saw that in at least one of them I

Re: PIE and static libraries

2016-09-12 Thread Bálint Réczey
Hi Markus, 2016-09-12 8:51 GMT+02:00 Markus Wanner: > On 09/12/2016 01:47 AM, Bálint Réczey wrote: >> I have opened a bug to encourage PIC for static libraries in Policy, too.: >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837478 > > Thanks, cool. > > Is there any specific reason for not m

Re: PIE and static libraries

2016-09-11 Thread Markus Wanner
On 09/12/2016 01:47 AM, Bálint Réczey wrote: > I have opened a bug to encourage PIC for static libraries in Policy, too.: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837478 Thanks, cool. Is there any specific reason for not mentioning -fPIE in that request? That seems like a good middle-g

Re: PIE and static libraries

2016-09-11 Thread Bálint Réczey
Hi All, 2016-05-22 11:26 GMT+02:00 Christian Seiler: > On 05/22/2016 10:50 AM, Andrey Rahmatullin wrote: >> On Sun, May 22, 2016 at 10:41:56AM +0200, Christian Seiler wrote: ... > >>> B. From a performance perspective, using non-PIC/PIE code is >>> faster, though not necessarily by much anymor

Re: PIE and static libraries

2016-05-22 Thread Christian Seiler
On 05/22/2016 07:31 PM, Guillem Jover wrote: > I've tried to condense this and the other message on the other thread > to extend the dpkg-buildflags(1) man page. Great, thanks! > Attached the patch I'm intending to apply. Let me know if you have > other suggestions, improvements, wording tweaks,

Re: PIE and static libraries

2016-05-22 Thread Guillem Jover
Hi! On Sun, 2016-05-22 at 10:41:56 +0200, Christian Seiler wrote: [… useful overview …] I've tried to condense this and the other message on the other thread to extend the dpkg-buildflags(1) man page. Attached the patch I'm intending to apply. Let me know if you have other suggestions, improvemen

Re: PIE and static libraries

2016-05-22 Thread Andreas Metzler
On 2016-05-22 Christian Seiler wrote: [extensive explanation] > Therefore, I would recommend to use at least -fPIE for static > libraries, and possibly -fPIC if you think they might be used > in other dynamic libraries. > Hope that helps. Yes it does. Thanks for taking the time to explain this.

Re: PIE and static libraries

2016-05-22 Thread Christian Seiler
On 05/22/2016 10:50 AM, Andrey Rahmatullin wrote: > On Sun, May 22, 2016 at 10:41:56AM +0200, Christian Seiler wrote: >> => however, -fPIC code is again slightly slower and >> larger than -fPIE code. > Really? I thought the idea is the same in both modes. Ok, thinking about it ag

Re: PIE and static libraries

2016-05-22 Thread Andrey Rahmatullin
On Sun, May 22, 2016 at 10:41:56AM +0200, Christian Seiler wrote: > => however, -fPIC code is again slightly slower and > larger than -fPIE code. Really? I thought the idea is the same in both modes. > So in the end it boils down to the following: > > A. From a hardening perspec

Re: PIE and static libraries

2016-05-22 Thread Christian Seiler
On 05/22/2016 08:48 AM, Andreas Metzler wrote: > https://lintian.debian.org/tags/hardening-no-pie.html says "It is > unlikely to work when compiling static libraries or executables (gcc > -static)." For static libraries, it really depends on what you want to do with them. A static library is just

Re: PIE and static libraries

2016-05-22 Thread Andrey Rahmatullin
On Sun, May 22, 2016 at 12:23:59PM +0500, Andrey Rahmatullin wrote: > On Sun, May 22, 2016 at 08:48:19AM +0200, Andreas Metzler wrote: > > https://lintian.debian.org/tags/hardening-no-pie.html says "It is > > unlikely to work when compiling static libraries or executables (gcc > > -static)." > > >

Re: PIE and static libraries

2016-05-22 Thread Andrey Rahmatullin
On Sun, May 22, 2016 at 08:48:19AM +0200, Andreas Metzler wrote: > https://lintian.debian.org/tags/hardening-no-pie.html says "It is > unlikely to work when compiling static libraries or executables (gcc > -static)." > > However e.g. https://wiki.debian.org/Hardening does not mention this > proble