It might not have been obvious, but if you read Dominiques E-Mails, you will notice
that the transition to GCC 7 we also did another transition.
Tumbleweed is now built with PIE (Position Independend Executables) as default.
This is achieved by a gcc defaults override in the "gcc-PIE" package.
This allows full ASLR (address space randomization) for all binaries without
specific need to change your actual package, making attacks much harder.
While I am still fixing some stragglers where the default did not trigger,
and subtracting the packages where PIE was too tricky currently (emacs,
qemu, small number of others), I would estimate a 97% coverage at
this time. An rpmlint check will be added.
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
Show replies by date