James Wilkinson wrote:
Tom Horsley wrote:
The "prelinker" is enabled by default because one group of
geeks want their shared libs to load 10 nanoseconds faster
(while using 45 hours of cpu in a cron job to achieve that),
meanwhile the security geeks enable address space randomization
by default, thus ensuring that everything the prelinker does
will be for naught because none of the libs will ever load
at the prelinked address.
Thank you for the following.
http://lwn.net/Articles/190139/:
In an attempt to restore some of the benefits of address space
randomization, prelink is capable of randomly selecting the
addresses used for prelinking. This makes it more difficult to
perform certain attacks on a system, because the addresses used are
unique to that system.
In other words, prelinking does address space randomization on a
per-system basis.
Or so I understand – if you have any other sources, I’d be interested to
hear them. This comes from a reputable source and matches my
understanding.
Hope this helps,
James.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
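
The question in this thread, whether libraries end up at one address per system or at a new one per process, can be checked by comparing library base addresses in `/proc/<pid>/maps` snapshots from separate processes. The following is an added example, not part of the original messages; the function names and sample snapshots are constructed for illustration.

```python
import re
from collections import defaultdict

# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-[0-9a-f]+\s+\S+\s+[0-9a-f]+\s+\S+\s+\d+\s+(\S.*)$")

def library_bases(maps_text):
    """Return {library path: lowest mapped start address} for shared objects."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # anonymous mapping or malformed line
        start, path = int(m.group(1), 16), m.group(2)
        if ".so" not in path.rsplit("/", 1)[-1]:
            continue  # executable, [stack], [heap], data files
        bases[path] = min(start, bases.get(path, start))
    return bases

def classify(snapshots):
    """Label each library seen in >= 2 snapshots as 'fixed' or 'varies'."""
    bases = defaultdict(list)
    for text in snapshots:
        for path, base in library_bases(text).items():
            bases[path].append(base)
    return {p: ("fixed" if len(set(b)) == 1 else "varies")
            for p, b in bases.items() if len(b) >= 2}

# Constructed samples (not captured from a real host), two processes each.
SAME_BASE = [
    "00400000-0040c000 r-xp 00000000 08:01 131 /bin/cat\n"
    "3a1be00000-3a1bf4e000 r-xp 00000000 08:01 977 /lib64/libc-2.5.so\n"
    "7fff5a3e1000-7fff5a3f6000 rw-p 00000000 00:00 0 [stack]\n",
    "00400000-0040c000 r-xp 00000000 08:01 131 /bin/cat\n"
    "3a1be00000-3a1bf4e000 r-xp 00000000 08:01 977 /lib64/libc-2.5.so\n"
    "7fffc91d2000-7fffc91e7000 rw-p 00000000 00:00 0 [stack]\n",
]
PER_PROCESS = [
    "7f3c1a200000-7f3c1a34e000 r-xp 00000000 08:01 977 /lib64/libc-2.5.so\n",
    "7f9e44600000-7f9e4474e000 r-xp 00000000 08:01 977 /lib64/libc-2.5.so\n",
]

if __name__ == "__main__":
    print(classify(SAME_BASE))    # same base in both processes
    print(classify(PER_PROCESS))  # base differs per process
```

A library reported as "fixed" on one host but at a different base on another host is the per-system behaviour the quoted LWN text describes; "varies" within one host means the base changes per process.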