This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH i386] Allow sibcalls in no-PLT PIC
- From: Rich Felker <dalias at libc dot org>
- To: Michael Matz <matz at suse dot de>
- Cc: Jeff Law <law at redhat dot com>, "H.J. Lu" <hjl dot tools at gmail dot com>, Jan Hubicka <hubicka at ucw dot cz>, Alexander Monakov <amonakov at ispras dot ru>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Uros Bizjak <ubizjak at gmail dot com>
- Date: Tue, 19 May 2015 15:10:26 -0400
- Subject: Re: [PATCH i386] Allow sibcalls in no-PLT PIC
- Authentication-results: sourceware.org; auth=none
- References: <20150515202319 dot GE17573 at brightrain dot aerifal dot cx> <CAMe9rOqRBz7L6Fr1nxDVrTEh3EQ-AVV0dMCC0-xdpq87k=e4EQ at mail dot gmail dot com> <20150515204237 dot GF17573 at brightrain dot aerifal dot cx> <CAMe9rOp1ibVzf0KOt+1boOxb5ag85fe2Rv2Rst=CgAtOTGFBxA at mail dot gmail dot com> <20150515230810 dot GA73210 at kam dot mff dot cuni dot cz> <CAMe9rOr1_r0tvi_JdsCL8w-MMAqhSeVpA6sbksnn1yP224zn_A at mail dot gmail dot com> <20150515234403 dot GG17573 at brightrain dot aerifal dot cx> <alpine dot LSU dot 2 dot 20 dot 1505191637140 dot 27315 at wotan dot suse dot de> <555B508E dot 4010103 at redhat dot com> <alpine dot LSU dot 2 dot 20 dot 1505191759560 dot 27315 at wotan dot suse dot de>
On Tue, May 19, 2015 at 06:01:07PM +0200, Michael Matz wrote:
> Hi,
>
> On Tue, 19 May 2015, Jeff Law wrote:
>
> > > > Forget lazy binding. It's dead anyway because serious distros want
> > > > PIE+relro+bindnow+...
> > >
> > > You keep saying this, but I can't help the feeling it's mostly because
> > > musl doesn't support it ;-)
> >
> > FWIW, Red Hat is pushing PIE & partial RELRO deeper and deeper into the
> > distribution.
>
> Yeah, us as well, though I don't necessarily see the point for most
> packages; feels a bit like a checkmark item :)

These days it's fairly rare to have software which does not interact
at all with untrusted data. Consider how much user-facing application
software that was not previously considered security-critical is
making network connections using complex protocols (e.g. anything with
TLS, IM protocols, ...), opening image files from random sources
(attachments, files that happen to be in a browsed-to directory, on
USB sticks, etc.), and so on. I think it's smart to be hardening
everything, at least for distros providing all sorts of random
unvetted software.

Rich