|| ||Jakub Jelinek <jakub-AT-redhat.com> |
|| ||yersinia <yersinia.spiros-AT-gmail.com> |
|| ||Re: prelink: is it worth it? |
|| ||Sat, 11 Jul 2009 00:26:24 +0200|
|| ||Development discussions related to Fedora <fedora-devel-list-AT-redhat.com>|
|| ||Article, Thread
On Fri, Jul 10, 2009 at 11:29:43PM +0200, yersinia wrote:
> Ok. But prelink it or not a requisite for ASLR or not ? In other word,
> besides performance
> is disabling prelink a security matter or not ? It is not bad to have some
> answer on this.
ASLR happens with prelink or without. Particularly, PIEs (should be used
for most of suid/network facing or otherwise security exposed programs) are
always randomized, both the binary itself and all shared libraries it uses.
Other than that, on prelinked system libraries are assigned random addresses
whenever reprelinked, while when not prelinked, libraries are given random
addresses on every exec. Non-PIE binaries have always fixed address.
fedora-devel-list mailing list
to post comments)