On 02/05/2015 02:06 PM, Wietse Venema wrote: > How do we know this makes a meaningful difference? > > Postfix programs appear to behave as usual with Fedora Core 20 and > FreeBSD 9.x. The "file" command reports the executables as "ELF > 64-bit LSB shared object" instead of "ELF 64-bit LSB executable", > so that looks right.
There is a perl program, which comes packaged in most current distros, called "hardening-check" which outputs something like this: $ hardening-check ./postfix ./postfix: Position Independent Executable: yes Stack protected: no, not found! Fortify Source functions: unknown, no protectable libc functions used Read-only relocations: yes Immediate binding: no, not found! I must look into how to turn some of those other items into "yes" as well. > If it is really that simple, then we might put PIE support into > Postfix 3.0. That would be great. Peter
