5 Jan
2015
5 Jan
'15
09:50
On 05 Jan 10:10, Marcus Meissner wrote:
Methods I am currently thinking about: - Change the compiler directly to build PIE binaries by default (change in gcc) Binaries that do not want it, would need to use -no-pie / -fno-PIE
I would say go for this method. Our toolchain should be as secure as it could be by default. Also PIE slowdown on x86 should be negligible with recent kernels. Regards, ismail