Re: Switch on compiler hardening defaults

On Tue, 2009-10-27 at 15:48 +0800, Paul Wise wrote:
> http://wiki.debian.org/DebianKernelPatchAcceptanceGuidelines
> http://kernel-handbook.alioth.debian.org/ch-source.html#s-acceptance

The thing is...
A patch like PaX would (IMHO) improve security a lot, and it would be
worth thinking, for a distribution, about whether to take on this burden and to
manually maintain it...

Apart from that, if something like PaX is used in a mainline distro,
it could get a development boost and perhaps even be included in the
vanilla tree at some time.

As PaX needs PIC as far as I remember, this decision would have to be
made at a global level for the distribution anyway, as everything would
have to be compiled with PIC.


