On Tue, Jan 24, 2012 at 06:58, Mike Frysinger <vapier@gentoo.org> wrote:
>
> pedantically, PIE+ASLR makes it significantly harder to exploit, not
> impossible
>
> if we could get some general performance numbers that show non-PIE vs PIE,
> that'd help make the case for turning PIE on by default regardless of
> set*id.
>

For starters, though, what about just pooping a Q&A warning for non-PIE
SUID? That way those packages could be fixed, and we'd have a little trial
to see how PIE behaves across different platforms. If that all goes well,
we bump up to default, but that's a far off discussion.



> -mike
>