From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Rr0WU-0001s9-Uk for garchives@archives.gentoo.org; Sat, 28 Jan 2012 05:08:23 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5C773E0851; Sat, 28 Jan 2012 05:08:00 +0000 (UTC) Received: from homiemail-a38.g.dreamhost.com (caiajhbdccac.dreamhost.com [208.97.132.202]) by pigeon.gentoo.org (Postfix) with ESMTP id BE6A8E0B65 for ; Sat, 28 Jan 2012 05:07:02 +0000 (UTC) Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 0848910AFB1 for ; Fri, 27 Jan 2012 21:07:02 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=zx2c4.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to: content-type; q=dns; s=zx2c4.com; b=chr2YqQlH7eAjoVRNA/U30U9mHmg H1nYdoQoeBhsD1ua3W3bjn5Bue/aRQgCHD6ny1wHWfJ6uCAOkpIFpLPfa71cZj5/ tyX+uw5/nmwOglsw/DfyC7lj1e1yVA6LcVB/SGjrStHOBe5DcB5dO3JxAlHqZJ/N E/isE/ePEl6jW30= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to: content-type; s=zx2c4.com; bh=NRhi+ipIsl7OC21kFZRu2jau9GY=; b=UR uPgAMvZoMhig8NrHkwj2hAhsPMXDiojUzMYKlZYaKzgLJxc9pzKAsb6T3xzvzLS5 p7higi2bNld3fvFVD3hyZgk3MkeSolsQoTWDuKI8RUO3hLvph8MaJjDSGtXlwtyA L7P0/R34J2al8z5op+VwLfaMI1wRRarasKe4ZUUQc= Received: from mail-qw0-f46.google.com (mail-qw0-f46.google.com [209.85.216.46]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jason@zx2c4.com) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id BCF6510AFAB for ; Fri, 27 Jan 2012 21:07:01 -0800 (PST) Received: by qadc10 with SMTP id c10so1085405qad.19 for ; Fri, 27 Jan 2012 21:07:01 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.224.198.65 with SMTP id en1mr12025233qab.81.1327727221124; Fri, 27 Jan 2012 21:07:01 -0800 (PST) Received: by 10.229.89.205 with HTTP; Fri, 27 Jan 2012 21:07:01 -0800 (PST) In-Reply-To: <4F233AD0.1030507@gentoo.org> References: <201201240058.50060.vapier@gentoo.org> <4F22FD6C.2020807@gentoo.org> <4F233AD0.1030507@gentoo.org> Date: Sat, 28 Jan 2012 06:07:01 +0100 Message-ID: Subject: Re: [gentoo-dev] Can we get PIE on all SUID binaries by default, por favor? From: "Jason A. Donenfeld" To: gentoo-dev@lists.gentoo.org Content-Type: multipart/alternative; boundary=20cf300fb11b5fae9a04b78f9503 X-Archives-Salt: 15d135a2-52d8-4804-9503-5d557f0c6a71 X-Archives-Hash: 157de1903eb5b1d9485dd9abc3bebcc0 --20cf300fb11b5fae9a04b78f9503 Content-Type: text/plain; charset=ISO-8859-1 On Sat, Jan 28, 2012 at 01:01, Anthony G. Basile wrote: > > > Exactly. Jason, if you want PIE across the board (with a few exceptions), > switch to hardened. > > What? Are you kidding? Again, to reiterate, *I AM NOT SUGGESTING HAVING PIE ACROSS THE BOARD.* What I suggest is that we have PIE for SUID executable. See the subject of this thread. --20cf300fb11b5fae9a04b78f9503 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

On Sat, Jan 28, 2012 at 01:01, Anthony G= . Basile <bluen= ess@gentoo.org> wrote:

Exactly. =A0Jason, if you want PIE across the board (with a few exceptions)= , switch to hardened.


What? Are you kidding?

Again, to reiterate,= I AM NOT SUGGESTING HAVING PIE ACROSS THE BOARD.

What I suggest is that we have PIE for SUID=A0executabl= e. See the subject of this thread.=A0
--20cf300fb11b5fae9a04b78f9503--