On Tue, Jan 05, 2010 at 07:38:31PM +0100, Balint Reczey wrote: > >> Can we build Wireshark and friends as Position-independent executables > >> (PIE)? > >> The attached patch seems to do this. Any objections against this patch?
Go ahead, but please see comments below. > > I've no experience with Position-independent executables; A quick search > > does suggest that there's a performance hit (every time the program is > > loaded into memory ??). [...] > Recent Debian and Ubuntu packages are already built with PIE and other > security related hardening options: > http://wiki.debian.org/Hardening > http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html > > I haven't tested the speed impacts, but the packaged binaries don't seem > to be noticeably slower than the svn builds. If you are running wireshark with dynamic libraries, then all the libs are already compiled with -fPIE anyway - and they do all the work. I wouldn't expect there to be any measurable performance difference whatsoever. But while you are at it, please follow that Debian harding link and have a look at the additional hardening methods too (that's what you get for having a good idea *and* mentioning it ;-> ciao Joerg -- Joerg Mayer <[email protected]> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
