From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3431-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QhU2g-0004Yy-7R
	for garchives@archives.gentoo.org; Thu, 14 Jul 2011 22:05:59 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9C1C221C19C
	for <garchives@archives.gentoo.org>; Thu, 14 Jul 2011 22:05:57 +0000 (UTC)
Received: from mail-gw0-f53.google.com (mail-gw0-f53.google.com [74.125.83.53])
	by pigeon.gentoo.org (Postfix) with ESMTP id B786421C16A
	for <gentoo-hardened@lists.gentoo.org>; Thu, 14 Jul 2011 21:46:22 +0000 (UTC)
Received: by gwj20 with SMTP id 20so396690gwj.40
        for <gentoo-hardened@lists.gentoo.org>; Thu, 14 Jul 2011 14:46:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        bh=uVQMel6FP/fdgchMOqvzkr0x0f0S52PpLq1ro40EO80=;
        b=BUYqIM7PsQQQiWNo1ywfDL7dYVVI546I5hzL/fA4Cn7RZcJ9s3Ue2McqWXPsYc9oZ9
         V7hiMPV1fmcTnYH8UMRuMzIl0dIrey4i6CoRP2zBv4idV8vTEQnZVEmY3Azcjhw2trq7
         0Vhvjf/oKTLAsAV++l9Yaza8ErPVhglkJQqwc=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.90.249.39 with SMTP id w39mr2900927agh.65.1310679982117; Thu,
 14 Jul 2011 14:46:22 -0700 (PDT)
Received: by 10.90.70.16 with HTTP; Thu, 14 Jul 2011 14:46:22 -0700 (PDT)
In-Reply-To: <87ei1szxrz.wl%oehme.markus@gmx.de>
References: <87ei1tb31u.wl%oehme.markus@gmx.de>
	<4E1EF21C.1090505@gentoo.org>
	<87ei1szxrz.wl%oehme.markus@gmx.de>
Date: Thu, 14 Jul 2011 16:46:22 -0500
Message-ID: <CADhbkgk0zstEB0D1a3_vsRZs41EUrMNTFd+PnpAsVw1XtgeTaw@mail.gmail.com>
Subject: Re: [gentoo-hardened] mprotect question
From: Matthew Summers <msummers42@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: ea984bb8fbf66d23fb3ba53912f4cea4

On Thu, Jul 14, 2011 at 10:29 AM, Markus Oehme <oehme.markus@gmx.de> wrote:
> Hi Anthony,
>
> At Thu, 14 Jul 2011 09:41:48 -0400,
> Anthony G. Basile wrote:
>> It looks like you missed something in the process. =C2=A0The steps to
>> converting are (skipping details):
>>
>> 1) switch profile
>> 2) recompile the toolchain: emerge glibc gcc binutils
>> 3) recompile system: emerge -e system
>> 4) recompile world: emerge -e world
>
> I did executed all steps in this order and rebuilt all packages. Just now=
 I
> did some tries and recompiled some of the packages which fail. However th=
is
> changed nothing.
>
> One thing that should possibly be said: I'm using gcc-4.6.1. I was using =
gcc
> 4.6.0 for quite some time on ~amd64 ere I switched to hardened last week.=
 =C2=A0I
> didn't encounter any special problems during the transition.
>
>> If you didn't do these, its possible you have some =C2=A0binaries left t=
hat
>> will trigger pax violations.
>>
>> One way to quickly check if you got hardened binaries is to use a script
>> called checksec.sh [1] and run it on /bin or /sbin. =C2=A0You should see=
 that
>> all your binaries have FULL RELRO, STACK CANARY, NX, PIE and ASLR.
>
> I just executed the script for /bin and the result [1] was very mixed. Ne=
arly all
> binaries have FULL RELRO and PIE, but most have no STACK CANARY and NX. I
> checked whether this could be changed and rebuilt coreutils twice, but th=
e
> output was the same every time.
>
> However this seems not to be a big problem since the system is currently
> running normal (Xfce desktop session) with my current list [2] of excepti=
ons
> to mprotect which contains only binaries under /usr.
>
>
> Thanks for the advice.
>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Markus
>
> [1]
>
> RELRO =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 STACK CANARY =C2=A0 =C2=A0 =C2=
=A0NX =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0PIE =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 FILE
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/a=
ttr
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/basename
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/b=
ash
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/bsdcpio
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/bsdtar
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/btrfs-debug-tree
> Partial RELRO =C2=A0 No canary found =C2=A0 NX disabled =C2=A0 No PIE =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0/bin/busybox
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/bzip2
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/cat
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/c=
hacl
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/chgrp
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/chmod
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/chown
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/chroot
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/cp
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/cpio
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/cut
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/date
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/dd
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/df
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/dir
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/dirname
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/dmesg
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/du
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/echo
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/e=
d
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/egrep
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/env
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/expr
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/false
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/fgrep
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/findmnt
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/fuser
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/g=
awk
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/g=
etfacl
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/g=
etfattr
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/grep
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/groups
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/gzip
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/head
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/h=
ostname
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/kill
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/ln
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/login
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/ls
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/lsblk
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/lsmod
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/m=
ail
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/m=
bchk
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/mkdir
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/mkfifo
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/mknod
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/mktemp
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/more
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /binmount
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/m=
ountpoint
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/mv
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/nano
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/n=
etstat
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /binpasswd
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /binpi=
ng
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /binpi=
ng6
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/ps
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/pwd
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/readlink
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/rm
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/rmdir
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/run-parts
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/sed
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/seq
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/s=
etfacl
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/s=
etfattr
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/sleep
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/sort
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/stty
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /binsu
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/sync
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/tail
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/tar
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/t=
csh
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/tempfile
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/touch
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/tr
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/true
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/tty
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /binumount
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/uname
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/vdir
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/wc
> Full RELRO =C2=A0 =C2=A0 =C2=A0No canary found =C2=A0 NX disabled =C2=A0 =
PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/yes
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/z=
sh
> Full RELRO =C2=A0 =C2=A0 =C2=A0Canary found =C2=A0 =C2=A0 =C2=A0NX enable=
d =C2=A0 =C2=A0PIE enabled =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /bin/z=
sh-4.3.12
>
>
>
> [2]
>
> /usr/bin/emacs-23
> /usr/bin/gkrellm
> /usr/bin/perl
> /usr/bin/python2.7
> /usr/bin/spamc
> /usr/bin/ssh
> /usr/bin/sudo
> /usr/bin/Terminal
> /usr/bin/xchat
> /usr/bin/xfce4-mixer
> /usr/bin/xfce4-panel
> /usr/bin/xfce4-session
> /usr/bin/xfce4-session-logout
> /usr/bin/xfconf-query
> /usr/bin/xfdesktop
> /usr/bin/Xorg
> /usr/bin/xscreensaver
> /usr/games/bin/enigma
> /usr/lib64/courier/courier-authlib/authdaemond
> /usr/lib64/xfce4/xfconf/xfconfd
> /usr/libexec/gcc/x86_64-pc-linux-gnu/4.6.1/cc1
> /usr/libexec/gcc/x86_64-pc-linux-gnu/4.6.1/cc1plus
> /usr/libexec/gcc/x86_64-pc-linux-gnu/4.6.1/lto1
> /usr/libexec/git-core/git
> /usr/libexec/polkitd
> /usr/libexec/udisks-daemon
> /usr/libexec/xfce4/panel-plugins/xfce4-mixer-plugin
> /usr/sbin/collectd
> /usr/sbin/console-kit-daemon
>
>
> --
> Aoccdrnig to a threoy, it deosn't mttaer in waht oredr the ltteers in a w=
rod
> are, the olny iprmoatnt tihng is taht the frist and lsat ltteer are in th=
e
> rghit pclae. The rset can be a taotl mses and you can sitll raed it in ms=
ot
> csaes. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istle=
f,
> but the wrod as a wlohe. And I awlyas thought slpeling was ipmorantt.
>
>

Hi there,

What is the output of gcc-config -l ?You should see something like the
following (versions will be different).
 [1] x86_64-pc-linux-gnu-4.4.5 *
 [2] x86_64-pc-linux-gnu-4.4.5-hardenednopie
 [3] x86_64-pc-linux-gnu-4.4.5-hardenednopiessp
 [4] x86_64-pc-linux-gnu-4.4.5-hardenednossp
 [5] x86_64-pc-linux-gnu-4.4.5-vanilla

The asterisk will be next to the one you have selected, which in this
case is the first in the list (it is hardened).

Cheers
--=20
M. Summers

"...there are no rules here -- we're trying to accomplish something."
=C2=A0 - Thomas A. Edison