Bug 155451
Summary: | Postfix could/should have PIE executables | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tomas Mraz <tmraz> |
Component: | postfix | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | Keywords: | FutureFeature |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-05-12 12:43:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Mraz
2005-04-20 14:11:25 UTC
/usr/sbin/postfix is PIE. PIE executables are slower than PIC binaries, therefore only postfix itself is compiled PIE. I can compile all PIE, but this will result in slow (-er ?) email transportation. Which binaries do you like to have PIE? Actually the postfix executable probably doesn't have to be PIE as it isn't network facing. Basically PIE improves security for network facing daemons (or binaries executed from network daemons which work with untrusted content received from network). So in postfix case it would possibly be master, smtpd and maybe other executables further in the process. About the performance drop due to PIE - is it really noticeable? Yup, it is noticeable, but I have compiled all binaries PIE, now. Fixed in rawhide in rpm postfix-2.2.3-1 or newer. |