From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-49601-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Rr0bG-0002jk-Bq
	for garchives@archives.gentoo.org; Sat, 28 Jan 2012 05:13:18 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CFAB1E0800;
	Sat, 28 Jan 2012 05:13:09 +0000 (UTC)
Received: from homiemail-a62.g.dreamhost.com (caiajhbdcahe.dreamhost.com [208.97.132.74])
	by pigeon.gentoo.org (Postfix) with ESMTP id AC098E0BE8
	for <gentoo-dev@lists.gentoo.org>; Sat, 28 Jan 2012 05:12:15 +0000 (UTC)
Received: from homiemail-a62.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a62.g.dreamhost.com (Postfix) with ESMTP id E933763406E
	for <gentoo-dev@lists.gentoo.org>; Fri, 27 Jan 2012 21:12:14 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=zx2c4.com; h=mime-version
	:in-reply-to:references:date:message-id:subject:from:to:
	content-type; q=dns; s=zx2c4.com; b=CHTgWt3XAdH0cpPBpcZpYfVh6dbo
	qC4lzkHE+9ErEcpP4hzPFgQcEGjrI28JDRLZdVL1gM3Sstj2tyco+pmdUQkjWHTI
	PMONDwuXqINXPYAU+1g3ddmfp3YEi8qiyMtZm8IiqP8i+aRdJzP8j7BfzSnhheLo
	z3wVpeQLc6ohUac=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version
	:in-reply-to:references:date:message-id:subject:from:to:
	content-type; s=zx2c4.com; bh=9wMdRqH4vP8klECBC+J0sO/YSeE=; b=Mh
	KFm4G6p4ZAOVBjmVWBM++3yrqaqa8PW/ORjEoWEKJqZgV4Cqv2XlRZo8m4Z5//ug
	HoVI2N4pi9A1oE8nll49zh1v7C6glZdhAGfzkXvKZCprXyKhD/eYGshBc/Javxpt
	dJHS4husCiq3SVZ9Zxs3epS2pFC9RM5Sj7E/42PME=
Received: from mail-qy0-f181.google.com (mail-qy0-f181.google.com [209.85.216.181])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: jason@zx2c4.com)
	by homiemail-a62.g.dreamhost.com (Postfix) with ESMTPSA id C4A6F634064
	for <gentoo-dev@lists.gentoo.org>; Fri, 27 Jan 2012 21:12:14 -0800 (PST)
Received: by qcpx40 with SMTP id x40so1555304qcp.40
        for <gentoo-dev@lists.gentoo.org>; Fri, 27 Jan 2012 21:12:14 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.229.102.101 with SMTP id f37mr3507428qco.37.1327727534156;
 Fri, 27 Jan 2012 21:12:14 -0800 (PST)
Received: by 10.229.89.205 with HTTP; Fri, 27 Jan 2012 21:12:14 -0800 (PST)
In-Reply-To: <201201271912.35560.vapier@gentoo.org>
References: <CAHmME9oDzehZRbOM90u4viQa+xQuHQGyZfcvtqY-8JEWfDSUdA@mail.gmail.com>
	<4F230577.7060602@gentoo.org>
	<CAHmME9rmyKY3G7WrhnB0f5s5Y-i9qwAr+WLYEK9S5b5XOGu_7w@mail.gmail.com>
	<201201271912.35560.vapier@gentoo.org>
Date: Sat, 28 Jan 2012 06:12:14 +0100
Message-ID: <CAHmME9pebu6vi9W1hHu+emx6AwVb1es-VJhQ5t82DJTyDq22hQ@mail.gmail.com>
Subject: Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor?
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: gentoo-dev@lists.gentoo.org
Content-Type: multipart/alternative; boundary=002354471084082dc504b78fa8d7
X-Archives-Salt: b411371e-87c4-41db-b7a6-8696bb1477ec
X-Archives-Hash: 5cbba4727ee5292c03fe8a34290b6cc3

--002354471084082dc504b78fa8d7
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Jan 28, 2012 at 01:12, Mike Frysinger <vapier@gentoo.org> wrote:
>
> > Wait... Is anybody here *actually opposed* to not enabling PIE on *SUID
> > binaries*?
>
> he was talking system wide
>

This thread is about PIE on SUID executables.


>
> considering the number set*id binaries in the tree, and their requirements
> (they tend to not be performance sensitive in the slightest), i don't have
> a
> problem with steering them in the PIE direction.
>

Great!


>
> ignoring /usr/bin/Xorg here of course, but that has a lot more problems
> that i
> doubt PIE will make much of a difference.
>

Oh boy. Yea. Oh boy. Xorg should be PIE too, I suppose. Only takes
one rotten egg.



> -mike
>

--002354471084082dc504b78fa8d7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<br><br><div class=3D"gmail_quote">On Sat, Jan 28, 2012 at 01:12, Mike Frys=
inger <span dir=3D"ltr">&lt;<a href=3D"mailto:vapier@gentoo.org">vapier@gen=
too.org</a>&gt;</span> wrote:<blockquote class=3D"gmail_quote" style=3D"mar=
gin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
&gt; Wait... Is anybody here *actually opposed* to not enabling PIE on *SUI=
D<br>
&gt; binaries*?<br>
<br>
he was talking system wide<br></blockquote><div><br></div><div>This thread =
is about PIE on SUID executables.</div><div>=A0</div><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex">

<br>
considering the number set*id binaries in the tree, and their requirements<=
br>
(they tend to not be performance sensitive in the slightest), i don&#39;t h=
ave a<br>
problem with steering them in the PIE direction.<br></blockquote><div><br><=
/div><div>Great!</div><div>=A0</div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
ignoring /usr/bin/Xorg here of course, but that has a lot more problems tha=
t i<br>
doubt PIE will make much of a difference.<br></blockquote><div><br></div><d=
iv>Oh boy. Yea. Oh boy. Xorg should be PIE too, I suppose. Only takes one=
=A0rotten=A0egg.</div><div><br></div><div>=A0</div><blockquote class=3D"gma=
il_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-lef=
t:1ex">

<font color=3D"#888888">-mike<br>
</font></blockquote></div><br>

--002354471084082dc504b78fa8d7--