From: Avi Kivity <avi@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Blue Swirl <blauwirbel@gmail.com>,
Peter Maydell <peter.maydell@linaro.org>,
Paul Moore <pmoore@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v7 1.0] configure: build position independent executables on x86 hosts
Date: Tue, 15 Nov 2011 19:50:50 +0200 [thread overview]
Message-ID: <4EC2A67A.6040604@redhat.com> (raw)
In-Reply-To: <4EC27DEE.1020206@redhat.com>
On 11/15/2011 04:57 PM, Anthony Liguori wrote:
> On 11/15/2011 05:25 AM, Peter Maydell wrote:
>> On 15 November 2011 09:34, Avi Kivity<avi@redhat.com> wrote:
>>> Change the default on x86 hosts to building PIE (position independent
>>> executables); instead of restricting the option to user-only targets,
>>> apply it to all targets.
>>>
>>> In addition, set the relocation sections to read-only (relro) when
>>> available;
>>> this reduces the attack surface by disallowing changes to relocation
>>> tables
>>> at runtime.
>>>
>>> While PIE reduces performance and relro increases load time, it greatly
>>> improves security, with the potential to reduce a code execution
>>> vulnerability
>>> to a self denial of service.
>>>
>>> Non-x86 are not changed, as they require TCG changes.
>>>
>>> Signed-off-by: Avi Kivity<avi@redhat.com>
>>
>> Reviewed-by: Peter Maydell<peter.maydell@linaro.org>
>>
>> ...as far as the technical content of the patch is concerned.
>> I'm still rather dubious about the merits of putting this patch
>> in this late in the release cycle.
>
> How about we limit this to be enabled by default on x86 Linux hosts?
>
> That would make me a lot more comfortable for 1.0 since I expect we
> can test that exhaustively.
It certainly suits me. v8 coming up.
--
error compiling committee.c: too many arguments to function
prev parent reply other threads:[~2011-11-15 17:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-15 9:34 [Qemu-devel] [PATCH v7 1.0] configure: build position independent executables on x86 hosts Avi Kivity
2011-11-15 11:25 ` Peter Maydell
2011-11-15 14:57 ` Anthony Liguori
2011-11-15 17:50 ` Avi Kivity [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EC2A67A.6040604@redhat.com \
--to=avi@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=blauwirbel@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=pmoore@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.