mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-21 20:15:17 +00:00
1150999ca4
PIE (position independent executable) adds security to executables by composing them entirely of position-independent code (PIC. The .so libraries already build with -fPIC. This adds -fPIE which is the equivalent to -fPIC, but for executables. This for allows Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during a security attack using exploits that rely on knowing the offset of the executable code in the binary, such as return-to-libc attacks. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>