On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vap...@gentoo.org> wrote:
>
> pedantically, PIE+ASLR makes it significantly harder to exploit, not
> impossible
>
> if we could get some general performance numbers that show non-PIE vs PIE,
> that'd help make the case for turning PIE on by default regardless of
> set*id.
>

For starters, though, what about just pooping a Q&A warning for non-PIE
SUID? That way those packages could be fixed, and we'd have a little trial
to see how PIE behaves across different platforms. If that all goes well,
we bump up to default, but that's a far off discussion.



> -mike
>
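
A sketch of the kind of QA check proposed in this message, as an added example that is not part of the original email and is not Gentoo's or Portage's own code: it walks an install image and reports set*id ELF files whose header type is `ET_EXEC` (linked at a fixed address, so not PIE). The function names, the warning text and the sample tree are assumptions made for illustration; the sample files are constructed 64-byte ELF headers, not real binaries.

```python
import os
import stat
import struct

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable vs. PIE/shared object

def elf_type(path):
    """Return e_type from the ELF header, or None if the file is not ELF."""
    with open(path, "rb") as f:
        hdr = f.read(18)
    if len(hdr) < 18 or hdr[:4] != b"\x7fELF":
        return None
    endian = "<" if hdr[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    return struct.unpack_from(endian + "H", hdr, 16)[0]

def non_pie_setid(root):
    """Return sorted paths under root that are set*id ELF executables without PIE."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the image
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if elf_type(path) == ET_EXEC:
                hits.append(path)
    return sorted(hits)

def make_sample_tree(root):
    """Constructed sample image: minimal fake ELF headers with chosen modes."""
    def write(name, e_type, mode):
        ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # 64-bit, little-endian
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(ident + struct.pack("<H", e_type) + bytes(46))
        os.chmod(path, mode)
    write("suid-nopie", ET_EXEC, 0o4755)   # should be reported
    write("suid-pie", ET_DYN, 0o4755)      # PIE, not reported
    write("plain-nopie", ET_EXEC, 0o755)   # not set*id, not reported

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as image:
        make_sample_tree(image)
        for path in non_pie_setid(image):
            print(f"QA Notice: set*id binary built without PIE: {path}")
```
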
