[opensuse-project] openSUSE Tumbleweed now full of PIE
Hi, It might not have been obvious, but if you read Dominiques E-Mails, you will notice that the transition to GCC 7 we also did another transition. Tumbleweed is now built with PIE (Position Independend Executables) as default. This is achieved by a gcc defaults override in the "gcc-PIE" package. This allows full ASLR (address space randomization) for all binaries without specific need to change your actual package, making attacks much harder. While I am still fixing some stragglers where the default did not trigger, and subtracting the packages where PIE was too tricky currently (emacs, qemu, small number of others), I would estimate a 97% coverage at this time. An rpmlint check will be added. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org To contact the owner, email: opensuse-project+owner@opensuse.org
participants (1)
-
Marcus Meissner