On 6 November 2016 at 03:48, Michael Orlitzky <[email protected]> wrote:
> On 11/05/2016 07:19 PM, 'Bill Hart' via sage-release wrote: > > > > Someone reported the issue to us, but we have never heard of PIE, much > > less do we know what to do about it. > > > > PIE is like PIC, but for executables. Shared libraries can't rely on > fixed addresses because multiple programs may have the library loaded at > different locations in memory. So, you want to build the libraries > "position-independent" -- that's PIC. > > Executables don't have the same requirement, but if you can randomize > the address space of your executables, it makes them a lot harder to > exploit. That general idea falls under the acronym ASLR, and > position-independent executables (PIE) are becoming mainstream because > they facilitate ASLR. Thanks for the explanation. For a while we thought ASLR was the cause of erratic timings we were experiencing on one of our machines. But it turns out someone had already switched it off, which probably illustrates how much we value all this "hardening". I do think it is working though. Everything seems much harder now. Bill. -- You received this message because you are subscribed to the Google Groups "sage-release" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/sage-release. For more options, visit https://groups.google.com/d/optout.
