The Complete Magazine on Open Source

OpenSUSE Tumbleweed OS now includes PIE to uplift security

OpenSUSE Tumbleweed with PIE security integration

The OpenSUSE project is now using PIE by default in its Tumbleweed OS. The latest inclusion will enhance the security of the Linux distribution.

PIE (Position Independent Executables) loads executable binaries compiled at random memory addresses to disallow text relocation. According to the official announcement by Marcus Meissner of the OpenSUSE project, the latest Tumbleweed version is now shipped with binary packages compiled with PIE support.

The security feature is designed to make attacks much harder on OpenSUSE Tumbleweed installed systems. There is a gcc-PIE package in the Tumbleweed release that loads in random locations of the virtual memory. This helps packages to allow full ASLR (address space randomisation) for all binaries.

In PIE, you need not make any changes to your actual packages. The feature helps in preventing Return Oriented Programming (ROP) attacks.

OpenSUSE Tumbleweed users are recommended to keep their installations up-to-date to receive the latest security advancements.