On 2012-02-06 11:59:53 AM, Bill Nottingham wrote:
Stephen John Smoogen (smooge(a)gmail.com) said:
> > > Discussion from irc today pointed out the..... difficulty with our
> > > security with prelink running on our systems.
Is this a general issue that should be pushed up the stack?
I think the "difficulty with our security" bit was referring to some
weirdness which caused issues with the needs-restarting utility.
However, I do have other reasons for questioning the need for prelink in
Fedora in general.
My main issue is that with prelink enabled, non-PIE binaries essentially
have library address randomization disabled (they are still randomized
every 2 weeks when prelink runs, but the addresses stay the same in
between). This makes many types of security bugs far easier to exploit
on Fedora than on distros without prelink.
One argument against this point is that we should just enable PIE on
apps which are security-sensitive, or which are likely to be exploited.
While I definitely don't disagree with this point, I think we're very
far from having that happen, and in addition, doing so would cause us to
lose many of the speedups that prelink is supposed to give (programs
which need to handle a lot of potentially untrusted inputs, like
openoffice, should then have PIE enabled).
With all this in mind, I'd definitely be interested in seeing a
discussion about whether prelink should stay enabled by default on