One issue that should be considered when deciding if fink 10.7 will support
some form of an upgrade installation option is the reduction in security from
that approach. By requiring a clean bootstrap of fink on Lion, we ensure that
almost all packages are built with the default linker behavior of -pie. This
creation of position independent executables will provide fink users with
the added security of the full Address Space Layout Randomization in Lion.

http://en.wikipedia.org/wiki/Address_space_layout_randomization

The functionality of ASLR in Lion can be seen from the unique failure of
the gcc.dg/darwin-segaddr.c execution test in FSF gcc. That test case is
supposed to verify that a segment can be placed at the same address
each time. However, if you add a printf to the testcase to output the
observed segaddr, you will find that when linked with the default -pie,
each execution of the resulting executable places the segment at a
different random address.
   The utility of such protection is on exhibit from Microsoft's recent
issues with rootkits that attack via the MBR...

http://www.f-secure.com/weblog/archives/00001393.html

using a system call at a known location. The breakage occurred when MS fixed
a 17-year-old bug that moved the system call leveraged by the rootkit.
Had MS used full ASLR this attack would have never been possible in the
first place since the system call would have moved randomly in memory.
                 Jack

_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel
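
An added example, not part of the original message or of Fink's own code: one way to audit an existing tree for executables that were linked without -pie, by reading the MH_PIE flag from each Mach-O header. The function names and the sample headers are constructed for illustration; the constants are those defined in Apple's <mach-o/loader.h> and <mach-o/fat.h>.

```python
import os
import struct

MH_EXECUTE = 0x2        # filetype of a main executable
MH_PIE = 0x200000       # mach_header flag set when linked with -pie
FAT_MAGIC = 0xCAFEBABE  # universal binary; its header is big-endian
THIN_MAGICS = {0xFEEDFACE: "<", 0xFEEDFACF: "<", 0xCEFAEDFE: ">", 0xCFFAEDFE: ">"}
# Constructed 64-bit x86_64 headers (not taken from real binaries).
SAMPLE_PIE = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, MH_EXECUTE, 0, 0, 0x200085, 0)
SAMPLE_NOPIE = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, MH_EXECUTE, 0, 0, 0x000085, 0)

def slice_is_pie(data, off=0):
    """True/False for an executable slice; None if it is not a Mach-O executable."""
    if len(data) < off + 28:
        return None
    endian = THIN_MAGICS.get(struct.unpack_from("<I", data, off)[0])
    if endian is None:
        return None
    # mach_header: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
    fields = struct.unpack_from(endian + "7I", data, off)
    if fields[3] != MH_EXECUTE:
        return None  # MH_PIE is only meaningful for main executables
    return bool(fields[6] & MH_PIE)

def pie_status(data):
    """Map each architecture slice offset to its slice_is_pie() result."""
    if len(data) < 8 or struct.unpack_from(">I", data)[0] != FAT_MAGIC:
        return {0: slice_is_pie(data)}
    nfat = struct.unpack_from(">I", data, 4)[0]
    if 8 + 20 * nfat > len(data):
        return {0: None}  # shares the magic (e.g. a Java class) but is not fat
    result = {}
    for i in range(nfat):
        # fat_arch: cputype, cpusubtype, offset, size, align
        offset = struct.unpack_from(">5I", data, 8 + 20 * i)[2]
        result[offset] = slice_is_pie(data, offset)
    return result

def audit(root):
    """Return sorted paths under root that contain a non-PIE executable slice."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if False in pie_status(fh.read()).values():
                        hits.append(path)
            except OSError:
                continue  # unreadable file or dangling symlink
    return sorted(hits)
```

Calling `audit()` on the Fink prefix after an upgrade install lists the executables that would need rebuilding to get a randomized load address.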