From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RqvuE-0004i2-Cj for garchives@archives.gentoo.org; Sat, 28 Jan 2012 00:12:34 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9AD3BE09B6; Sat, 28 Jan 2012 00:12:25 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 01F4BE09C2 for ; Sat, 28 Jan 2012 00:11:35 +0000 (UTC) Received: from vapier.localnet (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 49CB41B4009 for ; Sat, 28 Jan 2012 00:11:35 +0000 (UTC) From: Mike Frysinger Organization: wh0rd.org To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? Date: Fri, 27 Jan 2012 19:12:35 -0500 User-Agent: KMail/1.13.7 (Linux/3.2.0; KDE/4.6.5; x86_64; ; ) References: <4F230577.7060602@gentoo.org> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9250748.mvGRHL71NV"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201201271912.35560.vapier@gentoo.org> X-Archives-Salt: 1ba7db16-0951-4b9b-b9c2-09257a27ca6f X-Archives-Hash: de30ca05d1b77a1c2e8f4e4ba8a84068 --nextPart9250748.mvGRHL71NV Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Friday 27 January 2012 16:05:13 Jason A. Donenfeld wrote: > On Fri, Jan 27, 2012 at 21:13, "Pawe=C5=82 Hajdan, Jr." wrote: > > Again - only if we don't get a consensus here. >=20 > Wait... Is anybody here *actually opposed* to not enabling PIE on *SUID > binaries*? he was talking system wide considering the number set*id binaries in the tree, and their requirements= =20 (they tend to not be performance sensitive in the slightest), i don't have = a=20 problem with steering them in the PIE direction. ignoring /usr/bin/Xorg here of course, but that has a lot more problems tha= t i=20 doubt PIE will make much of a difference. =2Dmike --nextPart9250748.mvGRHL71NV Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAABAgAGBQJPIz1zAAoJEEFjO5/oN/WBlHwQANCsO9kEmavMefV1iwp8qQs+ xPS118pIoqcCior2jgx44ZRCeX5z0x8x7YWxd/5bcWD4sPLpBBUQw6ov3z/MbFfx hFYwp7WQD0eLEF20YIncGFhbCKkScKEOTl0e/Klr1IJUi0/wX/lzkQG1JivgrjyQ ePrYRjgXmhb+gBoxYHfKhRKh5dm8DyqXfirbOtqAF3cXfWmUu+pKHoxZ1SbTgtkm 4jn3iB7hRGKKyqXyvU4+J+2VmN1XyXAYQU0iezdn5bnddkDHEDmOTJCGjBjNTWmh DnHhCWyX0dRZJEUZFLvD/+cmhxW33Vlpi4gir8qj28q/4g3/SWqEsKm88BMxDMLg ++aOnH+kAs0zY64bt4NhjsNPyYq0PQMr4dX5OwRiija18PRm5qADoLICX3vbIXy6 YhhqZPcM+t/4Nt3/lRQ01jUp8TDAGJgpepvew0AmUkCAKVZtR78jU7X+kQS/VDhU IySQZNTkkUCkdkcpUuRMzrMkEDK/yBJkmG7xf5B7gDV/Gd2ZaxZg0epfkojKfZcN LBrr4V3MoMjbaDBSewnB34RRcXkBfFfWyvqKzkRaTO/BJubLwNcpY0+dktapkR8Q 0YmVOEP25PjYpHNMYWfz0WJSjFv7mcJ6nQ7XDF4l/7//5SngI0V5uB7zntH3nO5g Q7jrNZcrSxPA++RsoGai =gB9f -----END PGP SIGNATURE----- --nextPart9250748.mvGRHL71NV--