Because PIE is only supposed to be on long running apps and setuid apps. IfOn Wednesday, April 03, 2013 01:48:17 PM Miloslav Trmač wrote:
> On Tue, Apr 2, 2013 at 9:57 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> > On Saturday, March 30, 2013 08:54:30 AM Dhiru Kholia wrote:
> > > "_hardened_build" rpm spec macro can be used to harden a package.
> > >
> > > For an example, see
> > > http://pkgs.fedoraproject.org/cgit/clamav.git/tree/clamav.spec
> >
> > This flag is overly aggressive. We have a list of programs that need PIE
> > enabled and doing more isn't necessarily constructive.
>
> Why exactly it "isn't necessarily constructive"? If you have hard data,
> please share :)
its on everything, it will slow the system down too much and then you have the
knee jerk reaction to remove it from anything. We want it applied when needed
and otherwise not.