FS#46143 : [postfix] build as PIE to fully take advantage of ASLR

FS#46143 - [postfix] build as PIE to fully take advantage of ASLR

Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Saturday, 29 August 2015, 14:49 GMT
Last edited by Gaetan Bisson (vesath) - Sunday, 30 August 2015, 04:37 GMT

Task Type	Feature Request
Category	Packages: Extra
Status	Closed
Assigned To	Gaetan Bisson (vesath)
Architecture	All
Severity	Very Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Hi,

In order to fully benefit from ASLR, postfix would need to be built as PIE, which can be done by simply adding pie=yes on the make line. As postfix is a network daemon, I believe the gain in term of security would be worth the small overhead introduced by that move, especially on x86_64 where ASLR is most useful and the PIE cost is almost nonexistent.

This task depends upon

Closed by Gaetan Bisson (vesath)
Sunday, 30 August 2015, 04:37 GMT
Reason for closing: Implemented
Additional comments about closing: postfix-3.0.2-2 in [extra]

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#46143 - [postfix] build as PIE to fully take advantage of ASLR

Details

Loading...