On 31 May 2010, at 16:26, Matthias Klumpp wrote: > On Mon, 31 May 2010 14:31:19 +0200, Jonas Maebe <jonas.ma...@elis.ugent.be> > wrote: >> It's because we don't generate PIC (position-independent code) by >> default on Linux-i386, because >> a) PIC is fairly inefficient on i386 (it requires an extra register, >> and the i386 is already register-starved as it is -- on average, it >> results in a 10% performance degradation) >> b) very few people use SELinux, and on non-SELinux systems dynamic >> libraries without PIC work fine (with a small memory usage penalty, >> because the code cannot be shared amongst multiple processes) > According to SELinux, this is a security issue..
I guess that it may prevent some address space randomization features. I very much doubt that it opens up security holes by itself though. Jonas_______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal
