Bill Meier wrote:
Stig Bjørlykke wrote:
Hi,
Can we build Wireshark and friends as Position-independent executables (PIE)?
The attached patch seems to do this. Any objections against this patch?
I've no experience with Position-independent executables; A quick search
does suggest that there's a performance hit (every time the program is
loaded into memory ??).
For example:
From: http://www.redhat.com/magazine/009jul05/features/execshield/
"Position independent code has a performance overhead on most
architectures (x86-64 is the exception to this). For this reason,
neither Red Hat® Enterprise Linux® nor Fedora™ Core have the entire
distribution compiled as a PIE binary. Only selected, security
sensitive programs are compiled as PIEs. "
Thoughts ??
Recent Debian and Ubuntu packages are already built with PIE and other
security related hardening options:
http://wiki.debian.org/Hardening
http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html
I haven't tested the speed impacts, but the packaged binaries don't seem
to be noticeably slower than the svn builds.
Cheers,
Balint