version 1.35, 2017/11/12 14:59:14
|
version 1.36, 2017/11/12 15:02:00
|
Line 66 More details can be found here:
|
Line 66 More details can be found here:
|
|
|
### PKGSRC_MKPIE |
### PKGSRC_MKPIE |
|
|
This requests the the creation of PIE (Position Independent |
This requests the creation of PIE (Position Independent Executables) for all |
Executables) for all executables. The PIE mechanism is normally used |
executables. The PIE mechanism is normally used for shared libraries so that |
for shared libraries so that they can be loaded at differing addresses |
they can be loaded at differing addresses at runtime. PIE itself does not have |
at runtime. PIE itself does not have useful security properties. |
useful security properties. However, some operating systems support Address |
However, some operating systems support Address Space Layout |
Space Layout Randomization (ASLR), which causes different addresses to be used |
Randomization (ASLR), which causes different addresses to be used each |
each time a program is run. This makes it more difficult for an attacker to |
time a program is run. This makes it more difficult for an attacker |
guess addresses and thus makes exploits harder to construct. |
to guess addresses and thus makes exploits harder to construct. |
|
|
|
PIE executables will only be built for toolchains that are known to support PIE. |
PIE executables will only be built for toolchains that are known to support PIE. |
Currently, this means NetBSD on amd64 and i386. |
Currently, this means NetBSD on amd64 and i386. |