Subject: Re: Importing PaX features to NetBSD
To: Matt Thomas <matt@3am-software.com>
From: None <pageexec@freemail.hu>
List: tech-security
Date: 12/19/2005 01:40:14
On 18 Dec 2005 at 16:12, Matt Thomas wrote:
> PIE also forces a portion of .text to be nonshared (any relative relocations
> that could be fixed in a based image will no longer be shared among multiple
> processes).  It will increase the complexity of program loading which is
> already very complex.

Uhm, not sure what you're talking about. PIEs have as many textrels as
shared libs, as long as you compile all .o files with -fpie (vs. -fpic). In
practice, we have Hardened Gentoo fully PIE compiled and only the usual textrels
(that is, mostly in multimedia-related shared libs that use lots
of non-PIC asm; we've also fixed a bunch of them already).

> Are all programs built/linked at PIE, or just a subset?

It's up to you what you want as PIE; Red Hat's enterprise distro uses
PIE for all network-exposed daemons, for example. For home-grown solutions
there are Adamantix and Hardened Gentoo in the Linux world, where everything
but a few apps is a PIE. How you deploy it in NetBSD (if at all) is up
to you to decide.
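The two properties argued about above, whether an object is position independent and whether it still carries text relocations (the part of .text that cannot be shared between processes), are both recorded in the ELF dynamic section, so a builder can verify a PIE rollout without guessing. The following checker is an added example written for this page, not code from the mail, from PaX or from NetBSD. It parses ELF64 headers directly (no dependencies) and looks at e_type, DT_TEXTREL, the DF_TEXTREL bit of DT_FLAGS and, as a later addition not mentioned in the mail, the DF_1_PIE bit of DT_FLAGS_1 that newer linkers set to distinguish a PIE from a plain shared library. The sample images it classifies are constructed in the script (header, one PT_DYNAMIC segment, a few dynamic entries) and are not real binaries; `scan_file` runs the same check on a real file path.

```python
"""Classify ELF64 objects by position independence and text relocations.

Added example for the PIE discussion; constructed sample images only.
"""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC = 2
DT_NULL, DT_TEXTREL, DT_FLAGS, DT_FLAGS_1 = 0, 22, 30, 0x6FFFFFFB
DF_TEXTREL = 0x4          # DT_FLAGS: object has relocations into non-writable segments
DF_1_PIE = 0x08000000     # DT_FLAGS_1: linker marked this ET_DYN object as a PIE


def _endian(data):
    """Validate the ident bytes and return the struct prefix for the file's byte order."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    return "<" if data[5] == 1 else ">"


def dynamic_entries(data):
    """Yield (tag, value) pairs from the PT_DYNAMIC segment, stopping at DT_NULL."""
    end = _endian(data)
    e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type = struct.unpack_from(end + "I", data, off)[0]
        if p_type != PT_DYNAMIC:
            continue
        p_offset = struct.unpack_from(end + "Q", data, off + 8)[0]
        p_filesz = struct.unpack_from(end + "Q", data, off + 32)[0]
        pos = p_offset
        while pos + 16 <= p_offset + p_filesz:
            tag, val = struct.unpack_from(end + "qQ", data, pos)
            if tag == DT_NULL:
                return
            yield tag, val
            pos += 16
        return  # only one PT_DYNAMIC segment is allowed


def classify(data):
    """Return a summary: ELF type, whether it is ET_DYN, PIE flag, and textrel presence."""
    end = _endian(data)
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    textrel = pie_flag = False
    for tag, val in dynamic_entries(data):
        if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
            textrel = True          # .text needs patching at load time: not shareable
        if tag == DT_FLAGS_1 and val & DF_1_PIE:
            pie_flag = True
    return {
        "e_type": {ET_EXEC: "ET_EXEC", ET_DYN: "ET_DYN"}.get(e_type, hex(e_type)),
        "position_independent": e_type == ET_DYN,
        "pie_flag": pie_flag,
        "textrel": textrel,
    }


def scan_file(path):
    """Classify a real ELF64 file on disk (only the first bytes are needed, but read it all)."""
    with open(path, "rb") as fh:
        return classify(fh.read())


def build_sample_elf(e_type, dyn):
    """Construct a minimal little-endian ELF64 image: header, one PT_DYNAMIC
    program header, and the given dynamic entries followed by DT_NULL.
    Constructed test data, not a loadable binary."""
    entries = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr_size, phdr_size = 64, 56
    dyn_off = ehdr_size + phdr_size
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, little-endian, v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, ehdr_size, 0, 0,
                               ehdr_size, phdr_size, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, 0, 0,
                       len(entries), len(entries), 8)
    return ehdr + phdr + entries


# Constructed samples: a fixed-address executable, a clean PIE, and a PIE with textrels.
SAMPLES = {
    "fixed_exec": build_sample_elf(ET_EXEC, [(DT_FLAGS, 0)]),
    "pie_clean": build_sample_elf(ET_DYN, [(DT_FLAGS_1, DF_1_PIE)]),
    "pie_textrel": build_sample_elf(ET_DYN, [(DT_TEXTREL, 0), (DT_FLAGS, DF_TEXTREL)]),
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        print(name, classify(image))
```

On a real build the interesting output is `textrel: True` on an ET_DYN object: that is the non-PIC asm case the mail describes, and the fix is on the compile side (-fpie/-fpic for every object going into the link), not in the loader.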