[libvirt] [PATCH 1/2] Build all binaries with PIE

Eric Blake eblake at redhat.com
Wed Apr 3 13:06:40 UTC 2013


On 04/03/2013 05:41 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
> 
> PIE (position independent executable) adds security to executables
> by composing them entirely of position-independent code (PIC). The
> .so libraries already build with -fPIC. This adds -fPIE which is
> the equivalent to -fPIC, but for executables. This allows Exec
> Shield to use address space layout randomization to prevent attackers
> from knowing where existing executable code is during a security
> attack using exploits that rely on knowing the offset of the
> executable code in the binary, such as return-to-libc attacks.
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---

> +++ b/m4/virt-compile-pie.m4
> @@ -0,0 +1,13 @@
> +dnl
> +dnl Check for support for position independent executables
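
Review bot: the header comment at the top of the new m4/virt-compile-pie.m4 says only that the file checks for PIE support; the two lines quoted here do not name the macro or the variables it sets. Suggest extending this dnl block to state which flags the check exports and what happens on a compiler that does not accept them, so that users of the macro know what to reference.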

This new file is currently small enough to get away with no copyright
notice, but adding one now would be easier than scratching our heads
during a later audit on whether it is needed.

ACK, whether or not you add a copyright blurb to the new .m4 file.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
