Comparing the *nix binary to Windows one, it seems that Kleopatra in Debian's repository has PIE/SP enabled:
$ ./hardening-check.pl /usr/bin/kleopatra /usr/bin/kleopatra: Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no, not found! Stack clash protection: unknown, no -fstack-clash-protection instructions found Control flow integrity: unknown, no -fcf-protection instructions found!
While on Windows, neither DEP nor ASLR are enabled:
Would it be possible to compile Kleo (and, ideally, other binaries) with DEP/ASLR enabled?