I'm a big fan of Iron on Linux, thanks for what you are doing, comrades.
As you may know a browser exploit can bypass the NX-bit + ASLR pretty easily.
But if you add PIE (position independent executable), that increases anti-exploitation by ORDERS of magnitude.
I readed that chromium is PIE-enabled, so adding a simple -fPIE-ish flag to gcc shouldn't be a big deal. Of course, there is a performance penalty in having PIE, but I hear it is negligeble on x86-64 platforms.
Are there any considerations why you would not choose to compile Iron with PIE on Linux?
Linux build enable PIE
