* [gentoo-user] Canary Pies
@ 2017-12-17 3:43 tuxic
2017-12-17 14:42 ` Michael Orlitzky
0 siblings, 1 reply; 2+ messages in thread
From: tuxic @ 2017-12-17 3:43 UTC (permalink / raw
To: Gentoo
Hi,
Currently I am scanning directories of my system with checksec to
identify relevant files of haveing "No PIE" or "No canary found" set.
Is there any technical reason for which such files cannot be compiled
in a way so they have "PIE" and "Canary found" set ?
How "dangerous" is that ?
Cheers
Meino
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [gentoo-user] Canary Pies
2017-12-17 3:43 [gentoo-user] Canary Pies tuxic
@ 2017-12-17 14:42 ` Michael Orlitzky
0 siblings, 0 replies; 2+ messages in thread
From: Michael Orlitzky @ 2017-12-17 14:42 UTC (permalink / raw
To: gentoo-user
On 12/16/2017 10:43 PM, tuxic@posteo.de wrote:
> Hi,
>
> Currently I am scanning directories of my system with checksec to
> identify relevant files of haveing "No PIE" or "No canary found" set.
>
> Is there any technical reason for which such files cannot be compiled
> in a way so they have "PIE" and "Canary found" set ?
Some packages with hand-written assembly will fail to compile with the
stack-smashing protection enabled. That should be rare, though. For PIE
I'm not sure.
> How "dangerous" is that ?
Not very, but it depends on the package. If it's a game, who cares. If
it's a library used by firefox, you probably want the extra protection.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-12-17 14:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-17 3:43 [gentoo-user] Canary Pies tuxic
2017-12-17 14:42 ` Michael Orlitzky
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox