On 11/05/2016 07:19 PM, 'Bill Hart' via sage-release wrote: > > Someone reported the issue to us, but we have never heard of PIE, much > less do we know what to do about it. >
PIE is like PIC, but for executables. Shared libraries can't rely on fixed addresses because multiple programs may have the library loaded at different locations in memory. So, you want to build the libraries "position-independent" -- that's PIC. Executables don't have the same requirement, but if you can randomize the address space of your executables, it makes them a lot harder to exploit. That general idea falls under the acronym ASLR, and position-independent executables (PIE) are becoming mainstream because they facilitate ASLR. -- You received this message because you are subscribed to the Google Groups "sage-release" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/sage-release. For more options, visit https://groups.google.com/d/optout.
