On 09/06/2011 06:42 PM, Jan Kratochvil wrote:
> On Tue, 06 Sep 2011 19:28:56 +0200, Jon wrote:
>> We like randomized addresses, improves security so exploit code cannot
>> anticipate the address.
>> Prelinked address might improve startup speed, but I'm not convinced the
>> speedup is worth the risk.
>
> Executables where any such randomization can bring security benefits are
> already built as PIE and prelink has no effect on such executables.
>
> There has never been made any security compromise for prelink.
>
>
>> I feel prelink should be disabled in fedora completely.
>
> Are you going to also ask for -O0 compilation for better debuggability with
> debuginfo rpms?

Packages that break with -On where n > 0 already get built with -O0 - 
package maintainers see to that. The point is that prelink can and does 
break other things, and in the case of vserver hashify it will actually 
cause the memory pressure to be multiplied by a potentially very large 
factor, thus killing performance.

And the issue of the meaningful, measurable and consistent benefit still 
hasn't been cleared up.

Gordan
_______________________________________________
arm mailing list
arm@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/arm
