On Thursday 26 January 2012 11:55:54 Jason A. Donenfeld wrote:
> On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vapier@gentoo.org> wrote:
> > pedantically, PIE+ASLR makes it significantly harder to exploit, not
> > impossible
> > 
> > if we could get some general performance numbers that show non-PIE vs
> > PIE, that'd help make the case for turning PIE on by default regardless
> > of set*id.
> 
> For starters, though, what about just pooping a Q&A warning for non-PIE
> SUID? That way those packages could be fixed, and we'd have a little trial
> to see how PIE behaves across different platforms. If that all goes well,
> we bump up to default, but that's a far off discussion.

a QA warning doesn't help anyone if we don't have documentation in place 
explaining to people how to do this cleanly
-mike