Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Compile with PIE

From: Balint Reczey <balint.reczey@xxxxxxxxxxxx>
Date: Tue, 05 Jan 2010 19:38:31 +0100
Bill Meier wrote:
Stig Bjørlykke wrote:
Hi,

Can we build Wireshark and friends as Position-independent executables (PIE)?
The attached patch seems to do this.  Any objections against this patch?

I've no experience with Position-independent executables; A quick search does suggest that there's a performance hit (every time the program is loaded into memory ??).


For example:

From: http://www.redhat.com/magazine/009jul05/features/execshield/

   "Position independent code has a performance overhead on most
    architectures (x86-64 is the exception to this). For this reason,
    neither Red Hat® Enterprise Linux® nor Fedora™ Core have the entire
    distribution compiled as a PIE binary. Only selected, security
    sensitive programs are compiled as PIEs. "

Thoughts ??


Recent Debian and Ubuntu packages are already built with PIE and other security related hardening options:
http://wiki.debian.org/Hardening
http://packages.qa.debian.org/w/wireshark/news/20091006T201929Z.html

I haven't tested the speed impacts, but the packaged binaries don't seem to be noticeably slower than the svn builds.

Cheers,
Balint