checksec:
kdm 1968 Partial RELRO Canary found NX enabled No PIE
* no "FULL RELRO"
* no PIE
kdm is a long-living process running even as root
______________________________________
If your package meets any of the following criteria you MUST enable the PIE compiler flags:
Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle.
Your package has suid binaries, or binaries with capabilities.
Your package runs as root.
If your package meets the following criteria you should consider enabling the PIE compiler flags:
Your package accepts/processes untrusted input.