
Re: Time to reevaluate the cost of -fPIC?



Marco d'Itri:
> On May 03, Josh Triplett <josh@joshtriplett.org> wrote:
> 
>> While this doesn't make PIC absolutely free, it does eliminate almost
>> all of the cost, to the point that it no longer seems worthwhile to
>> build without -fPIC.  Apart from that, building *all* code with -fPIC
>> (including both programs and libraries) helps with hardening.
> I think that this is worth exploring.
> Did you check what other (relevant) distributions are doing?
> 

Fedora seems to be doing -fPIE by default for executables[1] - targeting
Fedora 23.  Known issues they ran into can be found at [2].
I also found the following PPA [3]. Cannot say if it is official or
just a personal interest from the PPA owner.

FTR, I personally think we should consider this as well for Stretch.

Thanks,
~Niels

[1] https://fedoraproject.org/wiki/Changes/Harden_All_Packages?rd=Changes/Harden_all_packages_with_position-independent_code

[2] https://bugzilla.redhat.com/show_bug.cgi?id=1199775

Tracking bug for FTBFS/seg. faults etc. caused by the "hardening by
default" project.

[3] https://launchpad.net/~sbeattie/+archive/ubuntu/gcc-pie-amd64


