On Thursday 26 January 2012 11:55:54 Jason A. Donenfeld wrote:
> On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vap...@gentoo.org> wrote:
> > pedantically, PIE+ASLR makes it significantly harder to exploit, not
> > impossible
> > 
> > if we could get some general performance numbers that show non-PIE vs
> > PIE, that'd help make the case for turning PIE on by default regardless
> > of set*id.
> 
> For starters, though, what about just pooping a Q&A warning for non-PIE
> SUID? That way those packages could be fixed, and we'd have a little trial
> to see how PIE behaves across different platforms. If that all goes well,
> we bump up to default, but that's a far off discussion.

a QA warning doesn't help anyone if we don't have documentation in place 
explaining to people how to do this cleanly
-mike
