On Fri, Jul 18, 2008 at 5:41 PM, Jukka Ruohonen
<jukka.ruohonen%iki.fi@localhost> wrote:
On Fri, Jul 18, 2008 at 05:58:14PM -0400, Christos Zoulas wrote:
> You can build everything PIE if you set MKPIE=yes in /etc/mk.conf.
> Note that I have not built a complete PIE system, or turned on
> security.pax.aslr.global. If you do that you are on your own :-)
Few words about personal experiences.
I haven't tried building a system with MKPIE=yes lately because it was
broken a long time somewhere in the path of 4.99.x. Compared to this,
USE_SSP=yes has been much more stable.
But I have used security.pax.aslr.global ever since it was introduced. As
long as I remember to temporarily turn it off when compiling something,
everything is fine and haven't noticed any stability or performance impacts
whatsoever.
Regards,
Jukka R.