On 14 May 2016 at 21:12, Niels Thykier <ni...@thykier.net> wrote:
> Marco d'Itri:
>> On May 03, Josh Triplett <j...@joshtriplett.org> wrote:
>>
>>> While this doesn't make PIC absolutely free, it does eliminate almost
>>> all of the cost, to the point that it no longer seems worthwhile to
>>> build without -fPIC. Apart from that, building *all* code with -fPIC
>>> (including both programs and libraries) helps with hardening.
>> I think that this is worth exploring.
>> Did you check what other (relevant) distributions are doing?
>>
>
> Fedora seems to be doing -fPIE by default for executables[1] - targeting
> Fedora 23. Known issues they ran into can be found at [2].
> I also found the following PPA [3]. Cannot say if it is official or
> just a personal interest from the PPA owner.
>

Ubuntu 16.04 LTS on s390x has -fPIE and bind now
Ubuntu 16.10 on amd64, ppc64el, s390x has -fPIE and bind now

In general features like these for Ubuntu are tracked by Security team at:
https://wiki.ubuntu.com/Security/Features

And bind-now needs fixing on that page.

--
Regards,

Dimitri.