prelink: is it worth it?
Till Maas
opensource at till.name
Thu Jul 9 18:11:51 UTC 2009
On Thu July 9 2009, Tomas Mraz wrote:
> On Thu, 2009-07-09 at 17:59 +0200, Till Maas wrote:
> > On Thu July 9 2009, yersinia wrote:
> > > But something one have to pay a security prize on not disabling it :
> > > it render impossible to have a
> > > centralizzated security integrity management (e.g. rfc.sf.net for
> > > example) or one have to skip from check the prelink binary. Very bad i
> > > think.
> >
> > You pay a security prize if you disable prelink, because it also performs
> > address space randomization:
> > http://lwn.net/Articles/190139/
>
> That's nonsense. Actually with prelink the randomization is done only
> when prelink is rerun as the addresses can change only during the
> prelinking.
I fail to understand what is nonsense, since you agree that prelink performs
randomization.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090709/8f1208e2/attachment.sig>
More information about the fedora-devel-list
mailing list