version 1.36, 2017/11/12 15:02:00
|
version 1.37, 2017/11/12 15:12:49
|
Line 67 More details can be found here:
|
Line 67 More details can be found here:
|
### PKGSRC_MKPIE |
### PKGSRC_MKPIE |
|
|
This requests the creation of PIE (Position Independent Executables) for all |
This requests the creation of PIE (Position Independent Executables) for all |
executables. The PIE mechanism is normally used for shared libraries so that |
executables. The PIE mechanism is normally used for shared libraries, so that |
they can be loaded at differing addresses at runtime. PIE itself does not have |
they can be loaded at differing addresses at runtime. PIE itself does not have |
useful security properties. However, some operating systems support Address |
useful security properties; however, it is necessary to fully leverage some, |
Space Layout Randomization (ASLR), which causes different addresses to be used |
such as ASLR. Some operating systems support Address Space Layout Randomization |
each time a program is run. This makes it more difficult for an attacker to |
(ASLR), which causes different addresses to be used each time a program is run. |
guess addresses and thus makes exploits harder to construct. |
This makes it more difficult for an attacker to guess addresses and thus makes |
|
exploits harder to construct. With PIE, ASLR can really be applied to the entire |
|
program, instead of the stack and heap only. |
|
|
PIE executables will only be built for toolchains that are known to support PIE. |
PIE executables will only be built for toolchains that are known to support PIE. |
Currently, this means NetBSD on amd64 and i386. |
Currently, this means NetBSD on amd64 and i386. |