From their summary:
To the best of our knowledge, all systemd-based Linux distributions are
vulnerable, but SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora
28 and 29 are not exploitable because their user space is compiled with
At least after a first glimpse, NixOS doesn’t utilize that compiler flag yet. So should we aim for enabling that in NixOS as well?
What other hardening flags does NixOS use so far (PIE, stack canaries, …)?
Here’s the related Gentoo bug for reference: https://bugs.gentoo.org/show_bug.cgi?id=675050