Re: PostgreSQL and ASLR on Linux

On 2013-08-04 20:33:50 -0400, Robert Haas wrote:
> On Wed, Jul 31, 2013 at 4:35 PM, Robert Lerche (rlerche)
> <rlerche@cisco.com> wrote:
> > Hi.  Has anyone had experience building PostgreSQL to support Address Space
> > Layout Randomization (ASLR)?  I recently took a brute-force approach
> > (compiling everything with -fPIC and specifying -pie on all executables).
> > This worked, but a (very superficial) performance test indicated a high cost
> > (around 50%, much more than I expected).  This was on 64-bit Linux
> > x86.

What benchmark did you run? Did you run a profile?

I am not really surprised that compiling the backend itself as position
independent code has a high price. There's lots of switch/jump tables in
pg that are called in hot paths. Adding math to those will have a price.

> > Google turns up some references to the Ubuntu distribution of version 8.3
> > being built this way but nothing much more interesting.
> >
> > I’d appreciate any information or help anyone can give me on this.  Thanks.
> 
> AFAIK you've got it backwards: ASLR is something that happens
> automatically, unless you take steps to suppress it, at least on MacOS
> X.  I not long ago built with EXEC_BACKEND on that platform and found
> that it broke stuff until I disabled ASLR.

ALSR for code can only happen if code is built as position independent
code, otherwise addresses are hardcoded. That is - in modern unixoid
systems - nearly always the case for shared libraries et al, but not
necessarily for plain binaries or statically linked code. The above
referenced -fPIC and -pie make the code/executable position independent.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services