Re: state of security hardening build flag efforts

2012-04-22 Thread Uoti Urpala
Russ Allbery wrote: > Uoti Urpala writes: > > Russ Allbery wrote: > > >> +pie causes a fairly ordinary regular binary (gnubg) to die with a bus > >> error immediately upon execution. If someone could figure out why and > >> whether it's a general class of problems or something peculiar to that >

Re: state of security hardening build flag efforts

2012-04-07 Thread Russ Allbery
Uoti Urpala writes: > Russ Allbery wrote: >> +pie causes a fairly ordinary regular binary (gnubg) to die with a bus >> error immediately upon execution. If someone could figure out why and >> whether it's a general class of problems or something peculiar to that >> code, I'd be feeling more opti

Re: state of security hardening build flag efforts

2012-04-07 Thread Uoti Urpala
Russ Allbery wrote: > +pie causes a fairly ordinary regular binary (gnubg) to die with a bus > error immediately upon execution. If someone could figure out why and > whether it's a general class of problems or something peculiar to that > code, I'd be feeling more optimistic about enabling PIE mo

Re: state of security hardening build flag efforts

2012-04-07 Thread Matthias Klose
On 01.04.2012 20:29, Kees Cook wrote: On Sun, Apr 01, 2012 at 05:24:00PM +0800, Paul Wise wrote: On Sun, Apr 1, 2012 at 3:49 PM, Kees Cook wrote: I'm going to work on getting this graphed daily, like the debhelper statistics[3]. If you do, please add that to the statistics wiki page: http://

Re: state of security hardening build flag efforts

2012-04-07 Thread Russ Allbery
Michael Gilbert writes: > Here is where philosophy matters. Yes, bindnow and pie can cause > problems or slowdowns in certain (fortunately rare) cases. Now, even > though that is possible, that fact should not have any relevance on the > choices for the defaults: on noticing that the flags have

Re: state of security hardening build flag efforts

2012-04-07 Thread Michael Gilbert
On Sat, Apr 7, 2012 at 5:50 AM, Julien Cristau wrote: > On Sat, Apr 7, 2012 at 11:27:46 +0200, Raphael Hertzog wrote: > > > Hi, > > > > On Sat, 07 Apr 2012, Julien Cristau wrote: > > > On Sat, Apr 7, 2012 at 02:17:21 +0200, Kurt Roeckx wrote: > > > > > > > However, I wonder why bindnow isn't on

Re: state of security hardening build flag efforts

2012-04-07 Thread Samuel Thibault
Kurt Roeckx, on Sat 07 Apr 2012 11:41:31 +0200, wrote: > > The reason bindnow is disabled by default is performance: > > I think I actually tested this on a slow system and had to come to > the conclusion that this wasn't the case, or like 1% slower or > something. What did you test? I guess

Re: state of security hardening build flag efforts

2012-04-07 Thread Julien Cristau
On Sat, Apr 7, 2012 at 11:27:46 +0200, Raphael Hertzog wrote: > Hi, > > On Sat, 07 Apr 2012, Julien Cristau wrote: > > On Sat, Apr 7, 2012 at 02:17:21 +0200, Kurt Roeckx wrote: > > > > > However, I wonder why bindnow isn't on by default. I thought we had > > > a discussion about this, and did

Re: state of security hardening build flag efforts

2012-04-07 Thread Kurt Roeckx
On Sat, Apr 07, 2012 at 11:27:46AM +0200, Raphael Hertzog wrote: > Hi, > > On Sat, 07 Apr 2012, Julien Cristau wrote: > > On Sat, Apr 7, 2012 at 02:17:21 +0200, Kurt Roeckx wrote: > > > > > However, I wonder why bindnow isn't on by default. I thought we had > > > a discussion about this, and di

Re: state of security hardening build flag efforts

2012-04-07 Thread Raphael Hertzog
Hi, On Sat, 07 Apr 2012, Julien Cristau wrote: > On Sat, Apr 7, 2012 at 02:17:21 +0200, Kurt Roeckx wrote: > > > However, I wonder why bindnow isn't on by default. I thought we had > > a discussion about this, and didn't really see any negative > > performance from that? > > It makes stuff sto

Re: state of security hardening build flag efforts

2012-04-07 Thread Julien Cristau
On Sat, Apr 7, 2012 at 02:17:21 +0200, Kurt Roeckx wrote: > However, I wonder why bindnow isn't on by default. I thought we had > a discussion about this, and didn't really see any negative > performance from that? > It makes stuff stop working. Cheers, Julien signature.asc Description: Digi

Re: state of security hardening build flag efforts

2012-04-06 Thread Kurt Roeckx
On Sun, Apr 01, 2012 at 11:29:42AM -0700, Kees Cook wrote: > Note that the default flags in both Ubuntu and Debian lack PIE (whereas > Gentoo's hardening patchset includes PIE by default). The Debian > hardening documentation has encouraged maintainers to enable PIE too > if they have a sensitive

Re: state of security hardening build flag efforts

2012-04-06 Thread Kees Cook
On Sun, Apr 01, 2012 at 12:49:37AM -0700, Kees Cook wrote: > I'm going to work on getting this graphed daily I've now added[1] the graphs[2]. In a few weeks, it'll be easier to see the slopes. :) -Kees [1] http://wiki.debian.org/Statistics [2] http://outflux.net/debian/hardening/ -- Kees Cook

Re: state of security hardening build flag efforts

2012-04-01 Thread Paul Wise
On Mon, Apr 2, 2012 at 2:29 AM, Kees Cook wrote: > Ah-ha, yes. I will do that. :) Thanks > I haven't attempted to push these things to upstream yet, but I still > think it would be a great idea. > ... Thanks for the info! I hope someone manages to do this in the next decade. -- bye, pabs htt

Re: state of security hardening build flag efforts

2012-04-01 Thread Kees Cook
On Sun, Apr 01, 2012 at 05:24:00PM +0800, Paul Wise wrote: > On Sun, Apr 1, 2012 at 3:49 PM, Kees Cook wrote: > > I'm going to work on getting this graphed daily, like the debhelper > > statistics[3]. > > If you do, please add that to the statistics wiki page: > > http://wiki.debian.org/Statistic

Re: state of security hardening build flag efforts

2012-04-01 Thread Paul Wise
On Sun, Apr 1, 2012 at 3:49 PM, Kees Cook wrote: > This is very exciting! It was only a short time ago when just a handful > of packages were building with hardening options. Now we're almost to 20% > on stack-protector. :) Thank you everyone for your great work! Very nice, thanks for pushing it!