Gentoo Archives: gentoo-user

From: Michael Orlitzky <mjo@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Canary Pies
Date: Sun, 17 Dec 2017 14:42:59
Message-Id: 2636e513-6ed8-01fb-17f3-d2906312cc9c@gentoo.org
In Reply to: [gentoo-user] Canary Pies by tuxic@posteo.de
On 12/16/2017 10:43 PM, tuxic@××××××.de wrote:
> Hi,
>
> Currently I am scanning directories of my system with checksec to
> identify relevant files of having "No PIE" or "No canary found" set.
>
> Is there any technical reason for which such files cannot be compiled
> in a way so they have "PIE" and "Canary found" set ?

Some packages with hand-written assembly will fail to compile with the
stack-smashing protection enabled. That should be rare, though. For PIE
I'm not sure.

> How "dangerous" is that ?

Not very, but it depends on the package. If it's a game, who cares. If
it's a library used by firefox, you probably want the extra protection.
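
Added example, not part of the original message and not checksec's own code: a sketch of how the two results discussed in this thread ("No PIE", "No canary found") can be read from an ELF file. The function names, the `make_elf` sample builder and the byte-search heuristic for `__stack_chk_fail` are assumptions made for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3  # e_type values from the ELF specification

def classify_elf(data: bytes) -> dict:
    """Report PIE and stack-protector status for one ELF image."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[5] (EI_DATA) gives byte order: 1 = little, 2 = big endian.
    endian = {1: "<", 2: ">"}.get(data[5])
    if endian is None:
        raise ValueError("unknown ELF byte order")
    # e_type is the 16-bit field directly after the 16-byte e_ident.
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    if e_type == ET_EXEC:
        pie = "No PIE"                # linked for a fixed load address
    elif e_type == ET_DYN:
        pie = "PIE or shared object"  # position independent
    else:
        pie = "not an executable"     # e.g. ET_REL object files
    # Heuristic (assumption): protected code references __stack_chk_fail,
    # so its NUL-terminated name sits in a symbol string table. Stripped
    # static binaries can contain canaries without this name.
    canary = b"__stack_chk_fail\0" in data
    return {"pie": pie,
            "canary": "Canary found" if canary else "No canary found"}

def scan(path: str) -> dict:
    """Classify a file on disk."""
    with open(path, "rb") as fh:
        return classify_elf(fh.read())

def make_elf(e_type: int, strtab: bytes = b"") -> bytes:
    """Constructed sample input: a bare little-endian ELF64 header."""
    ident = b"\x7fELF" + bytes([2, 1, 1])  # 64-bit, little endian, v1
    header = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 62, 1,
                         0, 0, 0, 0, 64, 0, 0, 0, 0, 0)
    return header + strtab

if __name__ == "__main__":
    print(classify_elf(make_elf(ET_EXEC)))
    print(classify_elf(make_elf(ET_DYN, b"\0__stack_chk_fail\0")))
```

An `ET_DYN` result covers both PIE executables and ordinary shared libraries, so a library will never show up as "No PIE" under this check.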