openSUSE Tumbleweed now full of PIE

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

openSUSE Tumbleweed now full of PIE

Marcus Meissner
Hi,

It might not have been obvious, but if you read Dominiques E-Mails, you will notice
that the transition to GCC 7 we also did another transition.

Tumbleweed is now built with PIE (Position Independend Executables) as default.

This is achieved by a gcc defaults override in the "gcc-PIE" package.

This allows full ASLR (address space randomization) for all binaries without
specific need to change your actual package, making attacks much harder.


While I am still fixing some stragglers where the default did not trigger,
and subtracting the packages where PIE was too tricky currently (emacs,
qemu, small number of others), I would estimate a 97% coverage at
this time. An rpmlint check will be added.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openSUSE Tumbleweed now full of PIE

Sebastian Parschauer
On 16.06.2017 12:42, Marcus Meissner wrote:

> Hi,
>
> It might not have been obvious, but if you read Dominiques E-Mails, you will notice
> that the transition to GCC 7 we also did another transition.
>
> Tumbleweed is now built with PIE (Position Independend Executables) as default.
>
> This is achieved by a gcc defaults override in the "gcc-PIE" package.
>
> This allows full ASLR (address space randomization) for all binaries without
> specific need to change your actual package, making attacks much harder.
>
>
> While I am still fixing some stragglers where the default did not trigger,
> and subtracting the packages where PIE was too tricky currently (emacs,
> qemu, small number of others), I would estimate a 97% coverage at
> this time. An rpmlint check will be added.

Finally. :) Great achievement! Thanks!

Ubuntu compiles the games as PIE since around 2012 already. With ugtrain
and scanmem I still have the only Linux game cheating tools with PIE
support.

Introducing PIE makes all other game trainers freezing/refilling static
memory values useless. :) Thanks for getting the competition out of the way!

Cheers,
Sebastian
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Loading...