Feature changed by: Stefan Knorr (stfnknorr)
Feature #322473, revision 20
Title: Address Space Randomization for all binaries (ASLR / PIE)
Requested by: Marcus Meissner (msmeissn)
Requested by: Matthias Eckermann (mge1512)
Partner organization: openSUSE.org
We want address space randomizaton (ASLR) for all binaries we ship.
This means building all possible binaries with -fPIE -pie.
openSUSE Factory is close to having this already, just some polishing
Business case (Partner benefit):
: unacceptable not to have it in comparison with
#5: Marcus Meissner (msmeissn) (2017-04-13 10:33:02)
Richi wonders if this should go for just the distribution, but also for
the system compiler that builds customer binaries.
+ #12: Stefan Knorr (stfnknorr) (2018-04-27 13:53:30Z)
+ I adapted the release note of this one slightly (in particular the
+ headline) -- please update again if I made a mistake there.
- Release Notes: Address Space Layout Randomization
+ Release Notes: All SLE 15 Packages Are Enabled for Address Space Layout
- Security consists of layers of defence. One of those layers of defence
+ Security consists of layers of defense. One of those layers of defense
is randomizing address for programs, so offsets and functions and
similar are at randomized addresses on every start.
- All SUSE Linux Enterprise 15 binaries are built with PIE (Position
- Independend Executables) support which will randomize all code layout
+ All SUSE Linux Enterprise 15 binaries are built with support for PIE
+ (Position-Independent Executables) which will randomize all code layout
in memory on every startup of the binary.