On Fri, Jan 9, 2015 at 12:16 AM, Dennis Gilmore <den...@ausil.us> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thu, 08 Jan 2015 20:25:36 +0100 > Reindl Harald <h.rei...@thelounge.net> wrote: > >> >> Am 08.01.2015 um 19:45 schrieb Miloslav Trmač: >> >> = Proposed System Wide Change: Harden all packages with >> >> position-independent code = >> >> >> >> Harden all packages with position-independent code to limit the >> >> damage from certain security vulnerabilities. >> > >> > So this proposal is for _all_ architectures, including the >> > register-starved 32-bit i?86 where the overhead is, IIRC, around >> > 10%. I am by now quite convinced that x86_64 should be using PIE >> > by default. As for 32-bit, I’m torn between “this is too much >> > overhead” and “32-bit isn’t worth the worry, let’s instead make the >> > defaults consistent.” >> >> probably not worth the worry, new machines are x86_64 mostly, keep in >> mind RHEL7 dropped i686 at all >> >> even if they are still used - 10% sounds much *but* such old machines >> mostly have a special task and are far away from noticeable load and >> it really depends on the workload if you even notice 20% performance >> drop >> >> at least i doubt there is a noticeable userbase with i686 running >> Fedora at all *and* would notice the drop noticeable > > all of the OLPC XO 1.0 and 1.5 devices are running i686 fedora, that > userbase is in the millions, but would they notice the performance > drop I do not know. > > It would be interesting to see how performance was impacted on 32 bit > arm
The address space on 32 bit is relatively small so randomization does not gain much in terms of security anyway (you could bruteforce the addresses in a reasonable amount of time). So high cost low benefit. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
