On 01/27/2012 07:12 PM, Mike Frysinger wrote:
On Friday 27 January 2012 16:05:13 Jason A. Donenfeld wrote:
On Fri, Jan 27, 2012 at 21:13, "Paweł Hajdan, Jr." wrote:
Again - only if we don't get a consensus here.
Wait... Is anybody here *actually opposed* to not enabling PIE on *SUID
binaries*?
he was talking system wide
considering the number set*id binaries in the tree, and their requirements
(they tend to not be performance sensitive in the slightest), i don't have a
problem with steering them in the PIE direction.
ignoring /usr/bin/Xorg here of course, but that has a lot more problems that i
doubt PIE will make much of a difference.
-mike
I've run nbench on two amd64 systems both running the same kernel
vanilla-3.2.2. They only differed in that one uses the hardened
toolchain and the other with a vanilla toolchain. nbench itself was
compile pie on the former and no-pie on the later. I found negligible
difference in performance.
So at least on amd64, I don't think that performance is ever an issue.
I have yet to look at x86.
Below I give more info.
Here's the result for the hardened system.
# time -p /usr/bin/nbench
BYTEmark* Native Mode Benchmark ver. 2 (10/95)
Index-split by Andrew D. Balsa (11/97)
Linux/Unix* port by Uwe F. Mayer (12/96,11/97)
TEST : Iterations/sec. : Old Index : New Index
: : Pentium 90* : AMD K6/233*
--------------------:------------------:-------------:------------
NUMERIC SORT : 1172.2 : 30.06 : 9.87
STRING SORT : 533.16 : 238.23 : 36.87
BITFIELD : 5.0544e+08 : 86.70 : 18.11
FP EMULATION : 150.32 : 72.13 : 16.64
FOURIER : 30498 : 34.69 : 19.48
ASSIGNMENT : 35.543 : 135.25 : 35.08
IDEA : 8060 : 123.28 : 36.60
HUFFMAN : 2549.8 : 70.71 : 22.58
NEURAL NET : 58.377 : 93.78 : 39.45
LU DECOMPOSITION : 1909.8 : 98.94 : 71.44
==========================ORIGINAL BYTEMARK RESULTS==========================
INTEGER INDEX : 91.279
FLOATING-POINT INDEX: 68.525
Baseline (MSDOS*) : Pentium* 90, 256 KB L2-cache, Watcom* compiler 10.0
==============================LINUX DATA BELOW===============================
CPU : 8 CPU GenuineIntel Intel(R) Core(TM) i7 CPU 920
@ 2.67GHz 2673MHz
L2 Cache : 8192 KB
OS : Linux 3.2.2
C compiler : x86_64-pc-linux-gnu-gcc
libc :
MEMORY INDEX : 28.613
INTEGER INDEX : 19.197
FLOATING-POINT INDEX: 38.007
Baseline (LINUX) : AMD K6/233*, 512 KB L2-cache, gcc 2.7.2.3, libc-5.4.38
* Trademarks are property of their respective holder.
real 252.44
user 252.26
sys 0.01
Here's the result for the vanilla system
# time -p /usr/bin/nbench
BYTEmark* Native Mode Benchmark ver. 2 (10/95)
Index-split by Andrew D. Balsa (11/97)
Linux/Unix* port by Uwe F. Mayer (12/96,11/97)
TEST : Iterations/sec. : Old Index : New Index
: : Pentium 90* : AMD K6/233*
--------------------:------------------:-------------:------------
NUMERIC SORT : 1179.4 : 30.25 : 9.93
STRING SORT : 540.12 : 241.34 : 37.36
BITFIELD : 5.0565e+08 : 86.74 : 18.12
FP EMULATION : 164.64 : 79.00 : 18.23
FOURIER : 30785 : 35.01 : 19.66
ASSIGNMENT : 35.677 : 135.76 : 35.21
IDEA : 7984.8 : 122.13 : 36.26
HUFFMAN : 2686 : 74.48 : 23.78
NEURAL NET : 57.097 : 91.72 : 38.58
LU DECOMPOSITION : 1887.4 : 97.78 : 70.60
==========================ORIGINAL BYTEMARK RESULTS==========================
INTEGER INDEX : 93.349
FLOATING-POINT INDEX: 67.966
Baseline (MSDOS*) : Pentium* 90, 256 KB L2-cache, Watcom* compiler 10.0
==============================LINUX DATA BELOW===============================
CPU : 8 CPU GenuineIntel Intel(R) Core(TM) i7 CPU 920
@ 2.67GHz 2673MHz
L2 Cache : 8192 KB
OS : Linux 3.2.2
C compiler : x86_64-pc-linux-gnu-gcc
libc :
MEMORY INDEX : 28.777
INTEGER INDEX : 19.879
FLOATING-POINT INDEX: 37.696
Baseline (LINUX) : AMD K6/233*, 512 KB L2-cache, gcc 2.7.2.3, libc-5.4.38
* Trademarks are property of their respective holder.
real 252.37
user 252.19
sys 0.01
The CPU is an 8 core i7
processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
stepping : 5
microcode : 0xb
cpu MHz : 2673.112
cache size : 8192 KB
physical id : 0
siblings : 8
core id : 3
cpu cores : 4
apicid : 7
initial apicid : 7
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc
aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1
sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
bogomips : 5344.67
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
