gentoo-hardened February 2011 archive
Main Archive Page > Month Archives  > gentoo-hardened archives
gentoo-hardened: Re: [gentoo-hardened] Remove the pic use flag i

Re: [gentoo-hardened] Remove the pic use flag in the hardened amd64 profile.

From: Ed W <lists_at_nospam>
Date: Sun Feb 27 2011 - 16:33:31 GMT
To: gentoo-hardened@lists.gentoo.org

On 27/02/2011 08:20, klondike wrote:
> 2011/2/27 Ed W<lists@wildgooses.com>:
>> On 26/02/2011 18:01, Magnus Granberg wrote:
>>> If you have read the last meeting we will be removing the pic use flag as
>>> default on in the hardened amd64 profile. We will start with the changes
>>> when
>>> the new structure to the profiles have settled down.
>> Hi, any chance of a bit of background on this change? ie the "why" and some
>> of the implications?
> Summing it up a lot, amd64 usually needs not special asm code for PIC
> due to the way the ABI is defined (which means being PIC by default
> usually).
>
> That's not always the case, i.e. aircrack needed special PIC code, but
> in general it shouldn't be a problem.
>

Sorry to probe further, but I'm not getting the big picture (durr)

I think what you are saying is that using PIC requires some special
handling (but that work seems largely done now?). However, does
removing PIC leave the AMD64 architecture "less secure" in some way? Or
is some other procedure now replacing PIC?

My minimal understanding is that PIC is a key part of the address space
randomisation that is considered useful for system hardening. Where does
removing PIC leave us in that process?

So, sorry to be the dimwit, but can you give me a beginners guide to the
implications of this change?

Ta

Ed W