Feature changed by: Matthias Eckermann (mge1512) Feature #322473, revision 5 Title: Address Space Randomization for all binaries (ASLR / PIE) Requested by: Marcus Meissner (msmeissn) + Requested by: Matthias Eckermann (mge1512) Partner organization: openSUSE.org Description: We want address space randomizaton (ASLR) for all binaries we ship. This means building all possible binaries with -fPIE -pie. openSUSE Factory is close to having this already, just some polishing steps needed. Business case (Partner benefit): openSUSE.org: unacceptable not to have it in comparison with competitors. -- openSUSE Feature: https://features.opensuse.org/322473

Feature changed by: Stefan Behlert (sbehlert) Feature #322473, revision 9 Title: Address Space Randomization for all binaries (ASLR / PIE) Requested by: Marcus Meissner (msmeissn) Requested by: Matthias Eckermann (mge1512) Partner organization: openSUSE.org Description: We want address space randomizaton (ASLR) for all binaries we ship. This means building all possible binaries with -fPIE -pie. openSUSE Factory is close to having this already, just some polishing steps needed. Business case (Partner benefit): openSUSE.org: unacceptable not to have it in comparison with competitors. Discussion: - #5: Marcus Meissner (msmeissn) (2017-04-13 10:33:02Z) + #5: Marcus Meissner (msmeissn) (2017-04-13 10:33:02) Richi wonders if this should go for just the distribution, but also for the system compiler that builds customer binaries. -- openSUSE Feature: https://features.opensuse.org/322473

Feature changed by: Stefan Knorr (stfnknorr) Feature #322473, revision 20 Title: Address Space Randomization for all binaries (ASLR / PIE) Requested by: Marcus Meissner (msmeissn) Requested by: Matthias Eckermann (mge1512) Partner organization: openSUSE.org Description: We want address space randomizaton (ASLR) for all binaries we ship. This means building all possible binaries with -fPIE -pie. openSUSE Factory is close to having this already, just some polishing steps needed. Business case (Partner benefit): openSUSE.org: unacceptable not to have it in comparison with competitors. Discussion: #5: Marcus Meissner (msmeissn) (2017-04-13 10:33:02) Richi wonders if this should go for just the distribution, but also for the system compiler that builds customer binaries. + #12: Stefan Knorr (stfnknorr) (2018-04-27 13:53:30Z) + I adapted the release note of this one slightly (in particular the + headline) -- please update again if I made a mistake there. - Release Notes: Address Space Layout Randomization + Release Notes: All SLE 15 Packages Are Enabled for Address Space Layout + Randomization Challenge: - Security consists of layers of defence. One of those layers of defence + Security consists of layers of defense. One of those layers of defense is randomizing address for programs, so offsets and functions and similar are at randomized addresses on every start. Solution: - All SUSE Linux Enterprise 15 binaries are built with PIE (Position - Independend Executables) support which will randomize all code layout + All SUSE Linux Enterprise 15 binaries are built with support for PIE + (Position-Independent Executables) which will randomize all code layout in memory on every startup of the binary. -- openSUSE Feature: https://features.opensuse.org/322473