16 Apr
2012
16 Apr
'12
9:39 a.m.
With more and more distros and even android employing gccs -fpie for building packages, should Arch consider enabling it. For my users it would mean less programs being killed by the grsecurity kernel due to text relocation attempts. No complaints yet as I have a sandboxed flash browser but eventually there may be one about x264/mp4. For everyone else it would mean a more secure system due to better use of ASLR. Are complications like static binaries an issue arch simply hasn't the time to deal with (does gcc work around them automatically now?) and do users care more about adding upto a few seconds to the start up time of some programs on x86 over security?