Bug 699 - [patch] add a configure option to build as a PIE binary
[patch] add a configure option to build as a PIE binary
Product: unbound
Classification: Unclassified
Component: server
x86_64 Linux
: P5 enhancement
Assigned To: unbound team
Depends on:
  Show dependency treegraph
Reported: 2015-08-25 17:00 CEST by Remi Gacogne
Modified: 2018-09-04 17:52 CEST (History)
3 users (show)

See Also:

Patch to add a --enable-pie option to unbound's configure (1.49 KB, patch)
2015-08-25 17:00 CEST, Remi Gacogne
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Remi Gacogne 2015-08-25 17:00:41 CEST
Created attachment 294 [details]
Patch to add a --enable-pie option to unbound's configure

In order to fully benefit from ASLR, unbound would need to be compiled as a Position-Independent Executable. While building as PIE may not be desirable by default for performance reason, would you be willing to add a configure option to do so? It would make it easier to build as PIE without the need to set custom CFLAGS/LDFLAGS, like Hardened Gentoo or Debian's hardening-wrapper are doing.

Attached is a proposal to add such an option. Due to my lack of experience with autotools, I am not sure it is the best way to add such an option though.
Comment 1 Wouter Wijngaards 2015-08-28 16:32:43 CEST
Hi Remi,

Thank you for your patch.  It is well written, and I have integrated it.  (also in NSD!).  I hope this can increase the security of the server.

Best regards, Wouter
Comment 2 securitasepay 2018-09-04 17:52:09 CEST
securitas epay
securitas epay login
securitas epay register