Wireshark · Wireshark-dev: Re: [Wireshark-dev] Compile with PIE

Wireshark-dev: Re: [Wireshark-dev] Compile with PIE

From: Balint Reczey <balint.reczey@xxxxxxxxxxxx>

Date: Tue, 05 Jan 2010 19:38:31 +0100

Bill Meier wrote:

Stig Bjørlykke wrote:

Hi,

Can we build Wireshark and friends as Position-independent executables (PIE)?
The attached patch seems to do this.  Any objections against this patch?

I've no experience with Position-independent executables; A quick searchdoes suggest that there's a performance hit (every time the program isloaded into memory ??).



For example:

From: http://www.redhat.com/magazine/009jul05/features/execshield/

   "Position independent code has a performance overhead on most
    architectures (x86-64 is the exception to this). For this reason,
    neither Red Hat® Enterprise Linux® nor Fedora™ Core have the entire
    distribution compiled as a PIE binary. Only selected, security
    sensitive programs are compiled as PIEs. "

Thoughts ??

Recent Debian and Ubuntu packages are already built with PIE and othersecurity related hardening options:

http://wiki.debian.org/Hardening
http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html

I haven't tested the speed impacts, but the packaged binaries don't seemto be noticeably slower than the svn builds.


Cheers,
Balint

Follow-Ups:
- Re: [Wireshark-dev] Compile with PIE
  - From: Joerg Mayer

References:
- [Wireshark-dev] Compile with PIE
  - From: Stig Bjørlykke
- Re: [Wireshark-dev] Compile with PIE
  - From: Bill Meier

Prev by Date: Re: [Wireshark-dev] wireshark build fails!??!!
Next by Date: Re: [Wireshark-dev] wireshark build fails!??!!
Previous by thread: Re: [Wireshark-dev] Compile with PIE
Next by thread: Re: [Wireshark-dev] Compile with PIE
Index(es):
- Date
- Thread