Feature changed by: Marcus Meissner (msmeissn) Feature #322473, revision 19 Title: Address Space Randomization for all binaries (ASLR / PIE) Requested by: Marcus Meissner (msmeissn) Requested by: Matthias Eckermann (mge1512) Partner organization: openSUSE.org Description: We want address space randomizaton (ASLR) for all binaries we ship. This means building all possible binaries with -fPIE -pie. openSUSE Factory is close to having this already, just some polishing steps needed. Business case (Partner benefit): openSUSE.org: unacceptable not to have it in comparison with competitors. Discussion: #5: Marcus Meissner (msmeissn) (2017-04-13 10:33:02) Richi wonders if this should go for just the distribution, but also for the system compiler that builds customer binaries. + Release Notes: Address Space Layout Randomization + Challenge: + Security consists of layers of defence. One of those layers of defence + is randomizing address for programs, so offsets and functions and + similar are at randomized addresses on every start. + Solution: + All SUSE Linux Enterprise 15 binaries are built with PIE (Position + Independend Executables) support which will randomize all code layout + in memory on every startup of the binary. -- openSUSE Feature: https://features.opensuse.org/322473