|
version 1.35, 2017/11/12 14:59:14
|
version 1.36, 2017/11/12 15:02:00
|
|
Line 66 More details can be found here:
|
Line 66 More details can be found here:
|
| |
|
| ### PKGSRC_MKPIE |
### PKGSRC_MKPIE |
| |
|
| This requests the the creation of PIE (Position Independent |
This requests the creation of PIE (Position Independent Executables) for all |
| Executables) for all executables. The PIE mechanism is normally used |
executables. The PIE mechanism is normally used for shared libraries so that |
| for shared libraries so that they can be loaded at differing addresses |
they can be loaded at differing addresses at runtime. PIE itself does not have |
| at runtime. PIE itself does not have useful security properties. |
useful security properties. However, some operating systems support Address |
| However, some operating systems support Address Space Layout |
Space Layout Randomization (ASLR), which causes different addresses to be used |
| Randomization (ASLR), which causes different addresses to be used each |
each time a program is run. This makes it more difficult for an attacker to |
| time a program is run. This makes it more difficult for an attacker |
guess addresses and thus makes exploits harder to construct. |
| to guess addresses and thus makes exploits harder to construct. |
|
| |
|
| PIE executables will only be built for toolchains that are known to support PIE. |
PIE executables will only be built for toolchains that are known to support PIE. |
| Currently, this means NetBSD on amd64 and i386. |
Currently, this means NetBSD on amd64 and i386. |
![[BACK]](/icons/back.gif){kind=icon}
Return to hardening.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / pkgsrc