Gentoo Archives: gentoo-user

From: Michael Orlitzky <mjo@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Canary Pies
Date: Sun, 17 Dec 2017 14:42:59
Message-Id: 2636e513-6ed8-01fb-17f3-d2906312cc9c@gentoo.org
In Reply to: [gentoo-user] Canary Pies by tuxic@posteo.de
On 12/16/2017 10:43 PM, tuxic@××××××.de wrote:
> Hi,
>
> Currently I am scanning directories of my system with checksec to
> identify relevant files of having "No PIE" or "No canary found" set.
>
> Is there any technical reason for which such files cannot be compiled
> in a way so they have "PIE" and "Canary found" set ?
Some packages with hand-written assembly will fail to compile with the stack-smashing protection enabled. That should be rare, though. For PIE I'm not sure.
> How "dangerous" is that ?
Not very, but it depends on the package. If it's a game, who cares. If it's a library used by firefox, you probably want the extra protection.
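
Added example, not part of the original message and not checksec's own code: a simplified Python approximation of the two properties discussed in this thread, reading the ELF `e_type` field for PIE and looking for a reference to `__stack_chk_fail` for the canary. The function names, the byte-search heuristic and the sample data are assumptions made for illustration.

```python
import os
import struct

ET_EXEC, ET_DYN = 2, 3  # e_type values from the ELF specification

def classify_elf(data: bytes) -> dict:
    """Report PIE and stack-canary indicators for one ELF image."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[EI_DATA] (byte 5): 1 = little-endian, 2 = big-endian
    endian = "<" if data[5] == 1 else ">"
    # e_type is the 16-bit field right after the 16-byte e_ident
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    if e_type == ET_DYN:
        pie = "PIE or shared object"   # both are ET_DYN
    elif e_type == ET_EXEC:
        pie = "No PIE"
    else:
        pie = "n/a"                    # relocatable object, core file, ...
    # Heuristic (assumption): SSP-instrumented code references
    # __stack_chk_fail; a stripped static binary would be missed.
    canary = b"__stack_chk_fail" in data
    return {"pie": pie, "canary": canary}

def scan(root: str):
    """Yield (path, result) for every regular ELF file below root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    yield path, classify_elf(fh.read())
            except (ValueError, OSError):
                continue  # not ELF, or unreadable

def make_sample(e_type: int, with_canary: bool) -> bytes:
    """Constructed 64-bit little-endian ELF header prefix for the demo."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    body = b"\0__stack_chk_fail\0" if with_canary else b"\0puts\0"
    return ident + struct.pack("<H", e_type) + body

if __name__ == "__main__":
    for label, blob in [("pie+ssp", make_sample(ET_DYN, True)),
                        ("fixed, no ssp", make_sample(ET_EXEC, False))]:
        print(label, classify_elf(blob))
```

Calling `scan("/usr/bin")` on a real system lists the files that would need a rebuild; shared libraries also report as `ET_DYN`, so the PIE column is only meaningful for executables.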