IN PROGRESS...

Summary

Compiling with PIE (Position Independent Executable) provides some hardening against memory corruption vulnerabilities. On architectures with enough general registers, compiling with PIE does not incur a noticeable performance impact. As a result, the added security is worth having.

Release Note

The 64bit x86 architecture is compiled with PIE (Position Independent Executable) by default. Combined with the kernel's ASLR (Address Space Layout Randomization), this provides some additional protections against memory corruption vulnerabilities being exploited by attackers.

Rationale

This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

Use Cases

Assumptions

Design

You can have subsections that better describe specific parts of the issue.

Implementation

This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:

UI Changes

Should cover changes required to the UI, or specific UI that is required to implement this

Code Changes

Code changes should include an overview of what needs to change, and in some cases even the specific details.

Migration

Include:

Test/Demo Plan

To experiment with this, the PIEExperimentSpec wiki page exists to organize the work of rebuilding Intrepid with PIE enabled by default.

Outstanding Issues

This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.


CategorySpec

64BitPIEDefaultSpec (last edited 2008-09-02 20:35:03 by kees)