On Thursday 20 October 2011 23:20:35 Duncan wrote: > Magnus G suggests possibly adding PIE to amd64, which is already PIC,
this isn't quite right. amd64 shared objects (i.e. libraries) are PIC. the applications are not. > Still, speaking as an ~amd64 user myself, that's certainly an acceptable > tradeoff from the user-side, particularly as most users will only have > perhaps a handful of those 30 packages installed. If the gentoo/amd64 > folks and the maintainers of those 30 packages don't mind too much, I > believe it does make sense. usually these packages are multimedia related. like ffmpeg iirc. so i think the impact is much greater than your estimate here. > Then, as legacy x86 gradually dies off and those who haven't already done > so gradually switch to amd64 (or possibly arm, but I don't know enough > about that to comment in this context), they'd get the security upgrade > as a part of the package. =:^) poor PIC performance isn't specific to x86. it's just the largest affected user base. i'd have to dig into the ABI's to say which others have issues. > What about x32, tho? Does it get PIC by default too, or not, and if not, x32 is same as x86_64 wrt PIC > And for bindnow, do you mean the "-Wl,-z,now" that's part of my LDFLAGS? yes > there's some initial-load-time and arguably some memory cost, but less > post-load run-time latency and issues when those libs would be otherwise > be lazy-loaded, and I decided that tradeoff was one I could live with! i don't think there's a memory cost. the initial load time is waste and is noticeable on much larger packages like OOo. -mike
signature.asc
Description: This is a digitally signed message part.