Message-ID: <4EC8C440.8040801@redhat.com>
Date: Sun, 20 Nov 2011 11:11:28 +0200
From: Avi Kivity
References: <1321380737-23007-1-git-send-email-avi@redhat.com>
In-Reply-To: <1321380737-23007-1-git-send-email-avi@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v8 1.0] configure: build position independent executables on x86-Linux hosts
To: Anthony Liguori, qemu-devel@nongnu.org, Blue Swirl
Cc: Paul Moore, Peter Maydell

On 11/15/2011 08:12 PM, Avi Kivity wrote:
> Change the default on x86 Linux hosts to building PIE (position
> independent executables); instead of restricting the option to
> user-only targets, apply it to all targets.
>
> In addition, set the relocation sections to read-only (relro) when
> available; this reduces the attack surface by disallowing changes to
> relocation tables at runtime.
>
> While PIE reduces performance and relro increases load time, it
> greatly improves security, with the potential to reduce a code
> execution vulnerability to a self denial of service.
>
> Non-x86 are not changed, as they require TCG changes; neither are
> non-Linux, due to lack of test coverage.
>

Ping.

-- 
error compiling committee.c: too many arguments to function