From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RpQ21-0001nJ-Eu for garchives@archives.gentoo.org; Mon, 23 Jan 2012 19:58:21 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C4E4EE09FB; Mon, 23 Jan 2012 19:58:12 +0000 (UTC) Received: from homiemail-a38.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by pigeon.gentoo.org (Postfix) with ESMTP id 6B48AE0795 for ; Mon, 23 Jan 2012 19:57:48 +0000 (UTC) Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id C2D2110AFB4 for ; Mon, 23 Jan 2012 11:57:47 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=zx2c4.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to: content-type; q=dns; s=zx2c4.com; b=PYuJNWQIQlusrPTxPES5fAdI5WHs Sbbtvgn1tMejlfah+w6Dau4TCBMKL6m4kTxgpvITpfYf4fyPsg5Ao8qfi8my19jo R4lvHtVQHAvPRaoMQcL3eZLOLK6WX+1338BMLQ8V4tgsEr7LwE+lKb0O3McI/OkG ZQ6JSlIHFNSJgh0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to: content-type; s=zx2c4.com; bh=hZlN0ugHkBC+f9+vZtBNLoIW0M8=; b=FB gkPsTedBBppIt6dYNzgyAf/a/qfa7+6/2z/z94lUwhgMBOqdUBhHCrukJnuRgwk+ wqFSfdglh5I+xt8yWdh8o0sRuvVMyVwZ45xSZ8esC2yW0Qc+v6JpggVFW19BVOH3 wDxoDosl+jxqidxlmfYzkXg+fjY0HtGJkqOVq5afM= Received: from mail-qy0-f181.google.com (mail-qy0-f181.google.com [209.85.216.181]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jason@zx2c4.com) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 8847810AFB1 for ; Mon, 23 Jan 2012 11:57:47 -0800 (PST) Received: by qcpx40 with SMTP id x40so2151142qcp.40 for ; Mon, 23 Jan 2012 11:57:46 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.229.78.89 with SMTP id j25mr3357227qck.46.1327348666824; Mon, 23 Jan 2012 11:57:46 -0800 (PST) Received: by 10.229.146.193 with HTTP; Mon, 23 Jan 2012 11:57:46 -0800 (PST) In-Reply-To: References: <1327346549.60706.35.camel@titan.home.flameeyes.eu> <1327347460.60706.44.camel@titan.home.flameeyes.eu> Date: Mon, 23 Jan 2012 20:57:46 +0100 Message-ID: Subject: Re: [gentoo-dev] Re: Can we get PIE on all SUID binaries by default, por favor? From: "Jason A. Donenfeld" To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 X-Archives-Salt: 5ea6bf66-8176-4bea-82d9-313473f239c3 X-Archives-Hash: 2bbe5de1f388b98d6621e0e87a49481e To check for PIE, readelf -h /bin/su | grep Type If it says EXEC, no PIE. If it says DYN, yes PIE. -- sent from my mobile On 1/23/12, Mike Gilbert wrote: > On Mon, Jan 23, 2012 at 2:40 PM, Jason A. Donenfeld wrote: >> That way, package maintainers could fix things up bit by bit, without >> having >> to burden you alone with tinderbox troubles. > > How do I go about testing with PIE/ASLR on my own box? Is it just some > CFLAGS? > > A link to some documentation would or just a quick set of instructions > would be great. > >