1 |
Hi, |
2 |
|
3 |
On Tue, 09 May 2017 15:55:36 -0500 |
4 |
Matthias Maier <tamiko@g.o> wrote: |
5 |
|
6 |
> Well, Alexis certainly makes a strong point. Breaking installed static |
7 |
> archives by changing a use flag shouldn't be as easy as changing a |
8 |
> useflag. So we might simply use.force the pie use flag depending on |
9 |
> hardened/non-hardened profiles. |
10 |
|
11 |
While I understand that enabling pie requires some more planning to |
12 |
avoid breakage, I hope this is not the final solution we aim for. I |
13 |
really think it's about time that pie becomes the default in Gentoo. |
14 |
|
15 |
pie is required for working ASLR, which almost every other OS out there |
16 |
has these days. In recent years also Fedora, Ubuntu and lately Debian |
17 |
switched it on by default. I really think this should be a default |
18 |
security setting, not something that only lives in hardened. |
19 |
|
20 |
-- |
21 |
Hanno Böck |
22 |
https://hboeck.de/ |
23 |
|
24 |
mail/jabber: hanno@××××××.de |
25 |
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 |