On Sun, Apr 01, 2012 at 11:29:42AM -0700, Kees Cook wrote:
> Note that the default flags in both Ubuntu and Debian lack PIE (whereas
> Gentoo's hardening patchset includes PIE by default). The Debian
> hardening documentation has encouraged maintainers to enable PIE too
> if they have a sensitive package (daemons, media processors, browsers,
> interpreters, etc), so it's not totally absent.

I think enabling PIE via dpkg-buildflags greatly depends on the build infrastructure, which might be why it's not always easy for people to enable it.

However, I wonder why bindnow isn't on by default. I thought we had a discussion about this, and didn't really see any negative performance from that?

Kurt