< Previous Next >

[opensuse-project] openSUSE Tumbleweed now full of PIE From : Marcus Meissner <meissner@xxxxxxx>

: Marcus Meissner <meissner@xxxxxxx> Date : Fri, 16 Jun 2017 12:42:50 +0200

: Fri, 16 Jun 2017 12:42:50 +0200 Message-id : <20170616104250.GI9838@suse.de>

Hi,



It might not have been obvious, but if you read Dominiques E-Mails, you will

notice

that the transition to GCC 7 we also did another transition.



Tumbleweed is now built with PIE (Position Independend Executables) as default.



This is achieved by a gcc defaults override in the "gcc-PIE" package.



This allows full ASLR (address space randomization) for all binaries without

specific need to change your actual package, making attacks much harder.





While I am still fixing some stragglers where the default did not trigger,

and subtracting the packages where PIE was too tricky currently (emacs,

qemu, small number of others), I would estimate a 97% coverage at

this time. An rpmlint check will be added.



Ciao, Marcus

--

To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx

To contact the owner, email: opensuse-project+owner@xxxxxxxxxxxx



