Mailinglist Archive: opensuse-factory (914 mails)

< Previous Next >
[opensuse-factory] openSUSE Tumbleweed now full of PIE
Hi,

It might not have been obvious, but if you read Dominiques E-Mails, you will
notice
that the transition to GCC 7 we also did another transition.

Tumbleweed is now built with PIE (Position Independend Executables) as default.

This is achieved by a gcc defaults override in the "gcc-PIE" package.

This allows full ASLR (address space randomization) for all binaries without
specific need to change your actual package, making attacks much harder.


While I am still fixing some stragglers where the default did not trigger,
and subtracting the packages where PIE was too tricky currently (emacs,
qemu, small number of others), I would estimate a 97% coverage at
this time. An rpmlint check will be added.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >