why -pie?
simo
idra at samba.org
Thu Dec 21 02:27:36 GMT 2006
On Thu, 2006-12-21 at 13:22 +1100, Andrew Bartlett wrote:
> On Thu, 2006-12-21 at 09:54 +1100, tridge at samba.org wrote:
> > Metze,
> >
> > I've been bitten by the -pie compile flag in Samba3. I noticed you
> > added it in r19093, can you explain why its needed?
>
> My understanding is that on systems with address space randomisation,
> -pie allows the random relocation of the binary, so as to improve
> security, because pre-calculated attacks will fail.
>
> see the Exec-Shield section in
> http://fedoraproject.org/wiki/Security/Features
It is ok if it is not the default.
Let's the distribution maintainers enable it if they want so.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list