tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: tcpdump: drop privileges by default?



In article <20090910001424.GA1784%NetBSD.ORG@localhost>,
Thor Lancelot Simon  <tls%panix.com@localhost> wrote:
>On Wed, Sep 09, 2009 at 11:44:41PM +0000, Christos Zoulas wrote:
>> 
>> To take advantage of ASLR, you should build PIE binaries. Otherwise only
>> the stack segment and the shared libraries get randomized. The issues
>> with making PIE the default are performance and stability.
>
>The performance issues are register pressure and VIVT cache friendliness,
>right?  What is the stability issue?

Right. Register pressure is less of an issue since a lot of the code is
already PIC (libc). The stability issue is that we really have not tested
this well. For example we had to fix a bug or two in the dynamic linker for
this to work.

christos



Home | Main Index | Thread Index | Old Index