On Tue, Jan 05, 2010 at 07:38:31PM +0100, Balint Reczey wrote:
> >> Can we build Wireshark and friends as Position-independent executables (PIE)?
> >> The attached patch seems to do this. Any objections against this patch?
Go ahead, but please see comments below.
> > I've no experience with Position-independent executables; A quick search
> > does suggest that there's a performance hit (every time the program is
> > loaded into memory ??).
[...]
> Recent Debian and Ubuntu packages are already built with PIE and other
> security related hardening options:
> http://wiki.debian.org/Hardening
> http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html
>
> I haven't tested the speed impacts, but the packaged binaries don't seem
> to be noticeably slower than the svn builds.
If you are running wireshark with dynamic libraries, then all the libs are
already compiled with -fPIE anyway - and they do all the work. I wouldn't
expect there to be any measurable performance difference whatsoever.
But while you are at it, please follow that Debian harding link and have a
look at the additional hardening methods too (that's what you get for having
a good idea *and* mentioning it ;->
ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
