On 09/24/2015 05:04 AM, Alexis La Goutte wrote:
Hi Balint
No a problem for me to add PIE on Wireshark
But no need to check if lib (Qt) use also PIE ?
We already do--at least with autofoo (cmake seems to pick up the PIE
flags from Qt's config directly).
But I don't think there's a problem if we're compiled PIE and libraries
we use aren't.
On Thu, Sep 24, 2015 at 10:49 AM, B�lint R�czey <balint@xxxxxxxxxxxxxxx
<mailto:balint@xxxxxxxxxxxxxxx>> wrote:
Hi All,
I have just created a review to add PIE when it is available to
default flags:
https://code.wireshark.org/review/#/c/10635
I think this matter is worth discussion here, too.
Should we enable more compiler flags which make Wireshark more secure
by default?
I Debian I will enable all hardening flags thus Debian users will be
protected, but I wonder if we want to enable some of them in vanilla
Wireshark as well.
I don't have much of an opinion either way but Fedora also compiles
Wireshark with PIE:
http://pkgs.fedoraproject.org/cgit/wireshark.git/tree/wireshark.spec?id=76137e2b71a42cf2a54565ffdfc3b0dbee551ba6#n176