Re: When did Debian decide to enable PIE by default?




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Aug 09, 2017 at 02:49:06PM +0000, 慕 冬亮 wrote:
> 
> 
> On 08/09/2017 10:31 AM, Thomas Schmitt wrote:
> > Hi,
> >
> > 慕 冬亮 <mudongliangabcd@xxxxxxxxxxx> wrote:
> >> When did the Debian Team, or the Security Team, decide to enable PIE by default?
> > I guess it was one year ago. At least those are the dates one can see on
> >    https://wiki.debian.org/Hardening/PIEByDefaultTransition
> Such good news for me, a student learning information security.
> However, I have a doubt: why does Debian enable PIE by default, other
> than stack protector and FORTIFY_SOURCE that are already enabled by
> default in the Ubuntu distribution?
>
> I think stack protector (FORTIFY_SOURCE) has less overhead than PIE.

As far as I understand, stack protection and/or FORTIFY_SOURCE are
about protecting from buffer overflows. Stack protection sounds
pretty generic; in the case of FORTIFY_SOURCE, it's the compiler
doing extra compile-time checks (when possible) and inserting extra
run-time check code.

PIE isn't a security measure in itself -- it just allows such code
to be dynamically mapped at any address. But it enables address space
layout randomisation [1], which isn't a security measure in itself
either, but a *mitigation* technique: if an attacker has already
managed to take control of your program counter (e.g. by rewriting
a return address... possibly via a stack overflow, see above), you
make his/her life harder by not putting (potentially useful) code
at a place (s)he knows how to find.

It's like putting a chair in a dark room. Of course you should
try to make your door and lock as secure as possible. But just
in case...

>       No System Is Safe!

exactly :-)

Cheers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlmMERMACgkQBcgs9XrR2kantACfXjHdLt0pWUu3sV6sui/8SB4F
J7UAnR0WzXmHw2WETK9UddYeHTjmc1u/
=MhEm
-----END PGP SIGNATURE-----
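
To audit which executables can actually be placed at a randomised address, as the message above describes, the ELF header can be inspected; this is an added example, not part of the original thread. The function names and the constructed sample headers are assumptions, only 64-bit little-endian ELF is handled, and "ET_DYN plus PT_INTERP" is a heuristic for a dynamically linked PIE.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification
PT_LOAD, PT_INTERP = 1, 3       # program header types


def classify_elf(data: bytes) -> str:
    """Return 'non-pie', 'pie' or 'et_dyn-no-interp' for an ELF64 LE image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this example")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    p_types = {
        struct.unpack_from("<I", data, e_phoff + i * e_phentsize)[0]
        for i in range(e_phnum)
    }
    if e_type == ET_EXEC:
        # Linked for a fixed load address: the program's own code sits at a
        # known location even when the kernel randomises stack and libraries.
        return "non-pie"
    if e_type == ET_DYN:
        # Position independent. An interpreter segment marks a dynamically
        # linked program; without one it is a shared object or a static-pie.
        return "pie" if PT_INTERP in p_types else "et_dyn-no-interp"
    raise ValueError(f"unhandled e_type {e_type}")


def build_sample(e_type: int, p_types: list) -> bytes:
    """Constructed sample: a bare ELF64 header plus empty program headers."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                        64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                     for t in p_types)
    return ehdr + phdrs


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

Run against real files by passing their paths as arguments; a binary reported as `non-pie` keeps its own code at a fixed address regardless of the system's ASLR setting.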