Re: tcpdump: drop privileges by default?

To: tech-userlevel%netbsd.org@localhost
Subject: Re: tcpdump: drop privileges by default?
From: christos%astron.com@localhost (Christos Zoulas)
Date: Thu, 10 Sep 2009 01:29:41 +0000 (UTC)

In article <20090910001424.GA1784%NetBSD.ORG@localhost>,
Thor Lancelot Simon  <tls%panix.com@localhost> wrote:
>On Wed, Sep 09, 2009 at 11:44:41PM +0000, Christos Zoulas wrote:
>> 
>> To take advantage of ASLR, you should build PIE binaries. Otherwise only
>> the stack segment and the shared libraries get randomized. The issues
>> with making PIE the default are performance and stability.
>
>The performance issues are register pressure and VIVT cache friendliness,
>right?  What is the stability issue?

Right. Register pressure is less of an issue since a lot of the code is
already PIC (libc). The stability issue is that we really have not tested
this well. For example we had to fix a bug or two in the dynamic linker for
this to work.

christos

References:
- tcpdump: drop privileges by default?
  - From: Jukka Ruohonen
- Re: tcpdump: drop privileges by default?
  - From: Elad Efrat
- Re: tcpdump: drop privileges by default?
  - From: Christos Zoulas
- Re: tcpdump: drop privileges by default?
  - From: Thor Lancelot Simon

Prev by Date: Re: tcpdump: drop privileges by default?
Next by Date: Re: tcpdump: drop privileges by default?
Previous by Thread: Re: tcpdump: drop privileges by default?
Next by Thread: Re: tcpdump: drop privileges by default?
Indexes:

Home | Main Index | Thread Index | Old Index