| 1 |
Hi, |
| 2 |
|
| 3 |
On Tue, 09 May 2017 15:55:36 -0500 |
| 4 |
Matthias Maier <tamiko@g.o> wrote: |
| 5 |
|
| 6 |
> Well, Alexis certainly makes a strong point. Breaking installed static |
| 7 |
> archives by changing a use flag shouldn't be as easy as changing a |
| 8 |
> useflag. So we might simply use.force the pie use flag depending on |
| 9 |
> hardened/non-hardened profiles. |
| 10 |
|
| 11 |
While I understand that enabling pie requires some more planning to |
| 12 |
avoid breakage, I hope this is not the final solution we aim for. I |
| 13 |
really think it's about time that pie becomes the default in Gentoo. |
| 14 |
|
| 15 |
pie is required for working ASLR, which almost every other OS out there |
| 16 |
has these days. In recent years also Fedora, Ubuntu and lately Debian |
| 17 |
switched it on by default. I really think this should be a default |
| 18 |
security setting, not something that only lives in hardened. |
| 19 |
|
| 20 |
-- |
| 21 |
Hanno Böck |
| 22 |
https://hboeck.de/ |
| 23 |
|
| 24 |
mail/jabber: hanno@××××××.de |
| 25 |
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 |
Archives