Will make attacks much harder on your Tumbleweed systems

Jun 17, 2017 23:27 GMT

Now that GCC (GNU Compiler Collection) 7 has landed in the Tumbleweed repos as the default compiler, it looks like the rolling GNU/Linux distro is built with PIE (Position Independent Executables) by default.

OK, so what's PIE? PIE, an acronym for Position Independent Executables and also known as PIC (Position Independent Code), is a feature that loads executable binaries compiled with PIE support at random memory addresses, disallowing text relocation.

openSUSE Project's Marcus Meissner announced that openSUSE Tumbleweed now ships with binary packages compiled with PIE support by default, which he says is achieved by a GCC defaults override in the "gcc-PIE" package. PIE is a security feature that makes attacks much harder on GNU/Linux systems.

"Tumbleweed is now built with PIE (Position Independent Executables) as default. [...] This allows full ASLR (address space randomization) for all binaries without specific need to change your actual package, making attacks much harder," says Marcus Meissner in the mailing list announcement.

PIE makes Return Oriented Programming (ROP) attacks more difficult to execute

According to a report from Red Hat, a PIE-enabled binary is loaded at a random location within virtual memory, along with all of its dependencies, each time the application is executed, which makes Return Oriented Programming (ROP) attacks more difficult to execute.
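To confirm that a given binary was actually built as PIE, the ELF header and program headers can be inspected directly. The following is an added example, not code from the article or from openSUSE; `classify_elf` and `make_sample` are hypothetical names, the sample images are constructed, and treating an `ET_DYN` file with a `PT_INTERP` segment as PIE is a heuristic assumed here for linkers that do not set `DF_1_PIE`.

```python
import struct, sys

ET_EXEC, ET_DYN, PT_DYNAMIC, PT_INTERP = 2, 3, 2, 3
DT_NULL, DT_FLAGS_1, DF_1_PIE = 0, 0x6FFFFFFB, 0x08000000

def classify_elf(data):
    """Classify raw file bytes as 'pie', 'non-pie', 'shared-object', 'other', 'malformed' or 'not-elf'."""
    if len(data) < 20 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    is64, e = data[4] == 2, "<" if data[5] == 1 else ">"
    e_type = struct.unpack_from(e + "H", data, 16)[0]
    if e_type != ET_DYN:  # ET_EXEC is linked at a fixed address that ASLR cannot move
        return "non-pie" if e_type == ET_EXEC else "other"
    try:
        phoff = struct.unpack_from(e + ("Q" if is64 else "I"), data, 32 if is64 else 28)[0]
        phentsize, phnum = struct.unpack_from(e + "HH", data, 54 if is64 else 42)
        has_interp = pie_flag = False
        for i in range(phnum):
            base = phoff + i * phentsize
            if is64:
                p_type, _, p_off, _, _, p_size = struct.unpack_from(e + "IIQQQQ", data, base)
            else:
                p_type, p_off, _, _, p_size = struct.unpack_from(e + "IIIII", data, base)
            if p_type == PT_INTERP:
                has_interp = True
            elif p_type == PT_DYNAMIC:  # walk the dynamic entries looking for DT_FLAGS_1
                fmt, n = e + ("qQ" if is64 else "iI"), 16 if is64 else 8
                for tag, val in struct.iter_unpack(fmt, data[p_off:p_off + p_size // n * n]):
                    if tag == DT_NULL:
                        break
                    if tag == DT_FLAGS_1 and val & DF_1_PIE:
                        pie_flag = True
    except struct.error:  # headers point outside the file
        return "malformed"
    # Heuristic (assumption): without DF_1_PIE, a PT_INTERP segment marks an executable.
    return "pie" if pie_flag or has_interp else "shared-object"

def make_sample(e_type, flags_1=None):
    """Constructed minimal ELF64 little-endian image, for demonstration only."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, int(flags_1 is not None), 0, 0, 0)
    if flags_1 is None:
        return hdr
    dyn = struct.pack("<qQqQ", DT_FLAGS_1, flags_1, DT_NULL, 0)
    return hdr + struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8) + dyn

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

Run it with one or more file paths as arguments to audit installed binaries; a result of `non-pie` means the main image is loaded at the same address on every run.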

So make sure you always keep your openSUSE Tumbleweed installations up to date to receive the most recent security improvements and bug fixes. Other popular GNU/Linux distributions, such as the upcoming Ubuntu 17.10 (Artful Aardvark) operating system, appear to be adopting PIE for their binaries as well.

openSUSE Tumbleweed is a rolling-release operating system, so you won't have to download a new ISO image every time you want to update your installation. A healthy Tumbleweed install will always receive the most recent GNU/Linux technologies and software versions.