What’s up with this? The output for checksec.sh shows the vast majority of packages running PIE’less.
How is this still the case? Some of these are SUID binaries (pulseaudio) and it’s really weird that they aren’t PIE enabled. Quite a few are missing stack canaries as well.
edit: After looking, most of these seem to be related to Unity. I looked a few up and removed them as I don’t need them. Better, but not great – I don’t mind that my indicator-cpufreq doesn’t support PIE, what I mind is Ubuntu shipping with so many not using PIE/stack canaries.
edit2: A user commented explaining that on x86 there is a significant performance impact. I was actually aware of this but I didn’t realize how significant. The thing is, I’m on 64-bit, and I don’t really want PIE on *every* executable file.
The issue is not that *every* package is not using PIE. It’s that so many packages that seem ‘security critical’ are not using PIE, e.g. I don’t care so much that hud-service is running without PIE, but I do care that Pulseaudio (SUID) and DNSMasq are running without PIE.
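
To narrow the audit to the binaries the post cares about, the sketch below lists only setuid ELF files that lack PIE or a stack canary. It is an added example, not part of the original post and not checksec.sh's own code; the function names, the default directories and the two sample headers are assumptions constructed here, and the canary test is a byte-search heuristic for the `__stack_chk_fail` symbol name.

```python
import os
import stat
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # e_type values from the ELF specification

# Constructed sample headers (not real binaries): 16-byte e_ident + e_type.
SAMPLE_NON_PIE = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<H", ET_EXEC)
SAMPLE_PIE = (b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<H", ET_DYN)
              + b"\x00__stack_chk_fail\x00")

def elf_hardening(data):
    """Return {'pie': bool, 'canary': bool} for ELF bytes, or None if not ELF."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        return None
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        # ET_DYN on an executable means it was linked as PIE. Shared
        # libraries are ET_DYN too, so only feed this executables.
        "pie": e_type == ET_DYN,
        # Heuristic: canary-protected code references __stack_chk_fail.
        "canary": b"__stack_chk_fail" in data,
    }

def audit_setuid(roots):
    """Yield (path, result) for setuid ELF files missing PIE or a canary."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                    if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                        continue
                    with open(path, "rb") as fh:
                        result = elf_hardening(fh.read())
                except OSError:
                    continue  # unreadable or vanished file
                if result and not (result["pie"] and result["canary"]):
                    yield path, result

if __name__ == "__main__":
    # Default directories are an assumption; pass others as arguments.
    for path, res in audit_setuid(sys.argv[1:] or ["/usr/bin", "/usr/sbin"]):
        print(path, "PIE" if res["pie"] else "no-PIE",
              "canary" if res["canary"] else "no-canary")
```

Run as root to read setuid files that are not world-readable; unreadable files are skipped silently.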