|
version 1.36, 2017/11/12 15:02:00
|
version 1.37, 2017/11/12 15:12:49
|
|
Line 67 More details can be found here:
|
Line 67 More details can be found here:
|
| ### PKGSRC_MKPIE |
### PKGSRC_MKPIE |
| |
|
| This requests the creation of PIE (Position Independent Executables) for all |
This requests the creation of PIE (Position Independent Executables) for all |
| executables. The PIE mechanism is normally used for shared libraries so that |
executables. The PIE mechanism is normally used for shared libraries, so that |
| they can be loaded at differing addresses at runtime. PIE itself does not have |
they can be loaded at differing addresses at runtime. PIE itself does not have |
| useful security properties. However, some operating systems support Address |
useful security properties; however, it is necessary to fully leverage some, |
| Space Layout Randomization (ASLR), which causes different addresses to be used |
such as ASLR. Some operating systems support Address Space Layout Randomization |
| each time a program is run. This makes it more difficult for an attacker to |
(ASLR), which causes different addresses to be used each time a program is run. |
| guess addresses and thus makes exploits harder to construct. |
This makes it more difficult for an attacker to guess addresses and thus makes |
| |
exploits harder to construct. With PIE, ASLR can really be applied to the entire |
| |
program, instead of the stack and heap only. |
| |
|
| PIE executables will only be built for toolchains that are known to support PIE. |
PIE executables will only be built for toolchains that are known to support PIE. |
| Currently, this means NetBSD on amd64 and i386. |
Currently, this means NetBSD on amd64 and i386. |
![[BACK]](/icons/back.gif){kind=icon}
Return to hardening.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / pkgsrc