1 |
On 12/16/2017 10:43 PM, tuxic@××××××.de wrote: |
2 |
> Hi, |
3 |
> |
4 |
> Currently I am scanning directories of my system with checksec to |
5 |
> identify relevant files of haveing "No PIE" or "No canary found" set. |
6 |
> |
7 |
> Is there any technical reason for which such files cannot be compiled |
8 |
> in a way so they have "PIE" and "Canary found" set ? |
9 |
|
10 |
Some packages with hand-written assembly will fail to compile with the |
11 |
stack-smashing protection enabled. That should be rare, though. For PIE |
12 |
I'm not sure. |
13 |
|
14 |
|
15 |
> How "dangerous" is that ? |
16 |
|
17 |
Not very, but it depends on the package. If it's a game, who cares. If |
18 |
it's a library used by firefox, you probably want the extra protection. |