On 2013-08-04 20:33:50 -0400, Robert Haas wrote:
> On Wed, Jul 31, 2013 at 4:35 PM, Robert Lerche (rlerche)
> <rlerche@cisco.com> wrote:
> > Hi. Has anyone had experience building PostgreSQL to support Address Space
> > Layout Randomization (ASLR)? I recently took a brute-force approach
> > (compiling everything with -fPIC and specifying -pie on all executables).
> > This worked, but a (very superficial) performance test indicated a high cost
> > (around 50%, much more than I expected). This was on 64-bit Linux
> > x86.
What benchmark did you run? Did you run a profile?
I am not really surprised that compiling the backend itself as position
independent code has a high price. There's lots of switch/jump tables in
pg that are called in hot paths. Adding math to those will have a price.
> > Google turns up some references to the Ubuntu distribution of version 8.3
> > being built this way but nothing much more interesting.
> >
> > I’d appreciate any information or help anyone can give me on this. Thanks.
>
> AFAIK you've got it backwards: ASLR is something that happens
> automatically, unless you take steps to suppress it, at least on MacOS
> X. I not long ago built with EXEC_BACKEND on that platform and found
> that it broke stuff until I disabled ASLR.
ALSR for code can only happen if code is built as position independent
code, otherwise addresses are hardcoded. That is - in modern unixoid
systems - nearly always the case for shared libraries et al, but not
necessarily for plain binaries or statically linked code. The above
referenced -fPIC and -pie make the code/executable position independent.
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services
