On 1/27/12 8:02 PM, Jason A. Donenfeld wrote:
> I've just been informed that RHEL does not allow non-PIE executables. We
> really should follow suit here.

I'm generally in favor of enabling more hardening features by default (i.e. reversing the default, so that people who want to disable PIE can still do it). Note that the hardened profile uses PIE by default, iirc. The most common argument against it is performance loss, I think, and there are probably fewer than 10 packages that have some compilation issues with PIE. In my opinion we can deal with that, and security benefits are much more important. If the discussion on this doesn't get conclusive, how about adding the question to the Council's agenda?