[Pkg-samba-maint] Bug#509135: Enable PIE during configure?
Kees Cook
kees at debian.org
Thu May 6 16:36:43 UTC 2010
Hi,
On Thu, May 06, 2010 at 03:57:13PM +0200, Christian PERRIER wrote:
> Are there any objections to /me applying Kees patch to the trunk so
> that samba is now compiled with PIE?
>
> (hell, I have no idea what this is, but that seems useful to People
> Who Know...:-))
Here's a tiny write-up I did in the Ubuntu wiki on the benefits of PIE:
https://wiki.ubuntu.com/Security/Features#exec%20ASLR
Basically, it just makes it harder for samba to be exploited in the case of
a memory-corruption attack.
And since the only objection was that gdb didn't support PIE in Debian, I
think this is good to go now (since gdb 7.1 is in Debian now, and supports
PIE).
(Also note that Ubuntu has been building with PIE on samba since late 2008
without any noticed ill-effects.)
-Kees
--
Kees Cook @debian.org
More information about the Pkg-samba-maint
mailing list