--- wikisrc/pkgsrc/hardening.mdwn	2017/11/12 15:02:00	1.36
+++ wikisrc/pkgsrc/hardening.mdwn	2017/11/12 15:12:49	1.37
@@ -67,12 +67,14 @@ More details can be found here:
 ### PKGSRC_MKPIE
 
 This requests the creation of PIE (Position Independent Executables) for all
-executables. The PIE mechanism is normally used for shared libraries so that
+executables. The PIE mechanism is normally used for shared libraries, so that
 they can be loaded at differing addresses at runtime. PIE itself does not have
-useful security properties.  However, some operating systems support Address
-Space Layout Randomization (ASLR), which causes different addresses to be used
-each time a program is run. This makes it more difficult for an attacker to
-guess addresses and thus makes exploits harder to construct.
+useful security properties; however, it is necessary to fully leverage some,
+such as ASLR.  Some operating systems support Address Space Layout Randomization
+(ASLR), which causes different addresses to be used each time a program is run.
+This makes it more difficult for an attacker to guess addresses and thus makes
+exploits harder to construct. With PIE, ASLR can really be applied to the entire
+program, instead of the stack and heap only.
 
 PIE executables will only be built for toolchains that are known to support PIE.
 Currently, this means NetBSD on amd64 and i386.