httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r.pl...@t-online.de (Rüdiger Plüm)
Subject Re: [PATCH] PIE support
Date Fri, 21 Jan 2005 21:42:52 GMT


Justin Erenkrantz wrote:
> --On Friday, January 21, 2005 2:46 PM +0000 Joe Orton 
> <jorton@redhat.com> wrote:
> 
>> Modern versions of GCC/binutils/... support flags which allow building
>> "Position Independent Executables".  This a Security Feature (TM) which
>> means that executables can be loaded at non-fixed locations, making it
>> harder to write some types of exploit.
> 
> ...
> 
>> Any objections for committing to the trunk?
> 
> 
> I'm fine with it in trunk, but I'd be against a 2.0 backport...  -- justin
> 

What is the reason against a backport?
As far as I know (Joe please correct me if I am wrong) it is already used
for the Apache 2.0.x delivered with Red Hat AS 3.0 Upgrade 3 (and maybe Fedora???).
So there is actually some test base for running Apache compiled with this option.
I was also able to compile my own Apache and run it successfully on Red Hat AS 3.0
with this compiler option enabled.
As the patch does not seem to make --enable-pie a default and this option only works
on systems which have a supporting gcc installed I do not understand why it should
not be backported.


Regards

Rüdiger


Mime
View raw message