On 16 April 2012 11:39, Kevin Chadwick <[email protected]> wrote: > > With more and more distros and even android employing gccs -fpie for > building packages, should Arch consider enabling it. > > For my users it would mean less programs being killed by the > grsecurity kernel due to text relocation attempts. No complaints yet as > I have a sandboxed flash browser but eventually there may be one about > x264/mp4. > > For everyone else it would mean a more secure system due to better use > of ASLR. > > Are complications like static binaries an issue arch simply hasn't the > time to deal with (does gcc work around them automatically now?) and do > users care more about adding upto a few seconds to the start up time of > some programs on x86 over security?
I'm against using PIC for executables, since it hursts speed (especially on 32bit). Lukas
