Moritz Mühlenhoff <j...@inutil.org> writes:

> Right now -pie is not in the default set of hardening flags for
> Wheezy. It will likely be enabled after Wheezy at least for amd64 and
> other archs with sufficient registers, so setting hardening=-pie can't
> hurt.

It won't hurt, but I'm skeptical we'll be able to make PIE the default. Not only does it break all add-on modules that don't use libtool but pass linker flags directly to the build (affecting not only Perl but also Python, PHP, etc.; I tested with remctl just to see what would happen, and it pretty much broke all the interpreter build systems), but I've had it just break otherwise normal code. gnubg, for example, will immediately die with "Killed" if built with PIE. (I didn't investigate further, since gnubg is not the sort of program that has much security exposure.)

--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>