Please sign in to comment.
configure: build position independent executables on x86-Linux hosts
Change the default on x86 Linux hosts to building PIE (position independent executables); instead of restricting the option to user-only targets, apply it to all targets. In addition, set the relocation sections to read-only (relro) when available; this reduces the attack surface by disallowing changes to relocation tables at runtime. While PIE reduces performance and relro increases load time, it greatly improves security, with the potential to reduce a code execution vulnerability to a self denial of service. Non-x86 are not changed, as they require TCG changes; neither are non-Linux, due to lack of test coverage. Signed-off-by: Avi Kivity <email@example.com> Signed-off-by: Anthony Liguori <firstname.lastname@example.org>
- Loading branch information...