qemu-devel

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH v7 1.0] configure: build position independent executables on x86 hosts
Date: Tue, 15 Nov 2011 08:57:50 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13

On 11/15/2011 05:25 AM, Peter Maydell wrote:
> On 15 November 2011 09:34, Avi Kivity <address@hidden> wrote:
>> Change the default on x86 hosts to building PIE (position independent
>> executables); instead of restricting the option to user-only targets,
>> apply it to all targets.
>>
>> In addition, set the relocation sections to read-only (relro) when available;
>> this reduces the attack surface by disallowing changes to relocation tables
>> at runtime.
>>
>> While PIE reduces performance and relro increases load time, it greatly
>> improves security, with the potential to reduce a code execution vulnerability
>> to a self denial of service.
>>
>> Non-x86 are not changed, as they require TCG changes.
>>
>> Signed-off-by: Avi Kivity <address@hidden>
>
> Reviewed-by: Peter Maydell <address@hidden>
>
> ...as far as the technical content of the patch is concerned.
> I'm still rather dubious about the merits of putting this patch
> in this late in the release cycle.

How about we limit this to be enabled by default on x86 Linux hosts?

That would make me a lot more comfortable for 1.0 since I expect we can test that exhaustively.

Regards,

Anthony Liguori

> -- PMM
