httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Rüdiger Plüm)
Subject Re: [PATCH] PIE support
Date Fri, 21 Jan 2005 21:42:52 GMT

Justin Erenkrantz wrote:
> --On Friday, January 21, 2005 2:46 PM +0000 Joe Orton 
> <> wrote:
>> Modern versions of GCC/binutils/... support flags which allow building
>> "Position Independent Executables".  This a Security Feature (TM) which
>> means that executables can be loaded at non-fixed locations, making it
>> harder to write some types of exploit.
> ...
>> Any objections for committing to the trunk?
> I'm fine with it in trunk, but I'd be against a 2.0 backport...  -- justin

What is the reason against a backport?
As far as I know (Joe please correct me if I am wrong) it is already used
for the Apache 2.0.x delivered with Red Hat AS 3.0 Upgrade 3 (and maybe Fedora???).
So there is actually some test base for running Apache compiled with this option.
I was also able to compile my own Apache and run it successfully on Red Hat AS 3.0
with this compiler option enabled.
As the patch does not seem to make --enable-pie a default and this option only works
on systems which have a supporting gcc installed I do not understand why it should
not be backported.



View raw message