Bill Meier wrote: > Stig Bjørlykke wrote: >> Hi, >> >> Can we build Wireshark and friends as Position-independent executables (PIE)? >> The attached patch seems to do this. Any objections against this patch? > > I've no experience with Position-independent executables; A quick search > does suggest that there's a performance hit (every time the program is > loaded into memory ??). > > > For example: > > From: http://www.redhat.com/magazine/009jul05/features/execshield/ > > "Position independent code has a performance overhead on most > architectures (x86-64 is the exception to this). For this reason, > neither Red Hat® Enterprise Linux® nor Fedora™ Core have the entire > distribution compiled as a PIE binary. Only selected, security > sensitive programs are compiled as PIEs. " > > Thoughts ?? >
Recent Debian and Ubuntu packages are already built with PIE and other security related hardening options: http://wiki.debian.org/Hardening http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html I haven't tested the speed impacts, but the packaged binaries don't seem to be noticeably slower than the svn builds. Cheers, Balint ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe