On Wed, Aug 09, 2017 at 08:22:58PM -0400, Gene Heskett wrote:
> On Wednesday 09 August 2017 10:52:26 慕 冬亮 wrote:
>
> > On 08/09/2017 10:48 AM, Gene Heskett wrote:
> > > On Wednesday 09 August 2017 10:31:48 Thomas Schmitt wrote:
> > >> Hi,
> > >>
> > >> 慕 冬亮 <mudonglianga...@hotmail.com> wrote:
> > >>> When does Debian Team, or Security Team decide to enable PIE by
> > >>> default?
> > >>
> > >> I guess it was one year ago. At least that's the dates one can see
> > >> on https://wiki.debian.org/Hardening/PIEByDefaultTransition
> > >
> > > Interesting Thomas, but what the heck is PIE? I know about PAE, but
> > > PIE? What's it do? Searching the above wiki returned only this
> > > thread.
> >
> > Please take a look at the following URL:
> >
> > https://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_PIE_.28gcc.2Fg.2B-.2B-_-fPIE_-pie.29
> >
> Aha, another name for PIC, which I've only been writing code that uses it
> for 32 years. Also known as PCR, for Program Counter Relative. Such
> code can be loaded into memory and executed without any patching.

Not exactly. PIC is "position independent code". Shared libraries have
been compiled like that for a long time since (especially under 32 bits)
you never knew where there was a hole in memory to mmap the library in.

PIE is "position independent executable": it's about using PIC in the
Executable -- since that's the first to map in, the whole (well, nearly)
address space is available, and there's no need to generate PIC. Since
(under Intel) PIC is a tad slower than non-PIC, well...

But thanks to PIE you can map the executable itself into a random address
(ASLR), which makes it more difficult for an attacker to find useful
"tools" in the executable image.

> > It is a security feature which combines with ASLR to do full address
> > space randomization.

Yes.

Cheers
-- tomás