public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Canary  Pies
@ 2017-12-17  3:43 tuxic
  2017-12-17 14:42 ` Michael Orlitzky
  0 siblings, 1 reply; 2+ messages in thread
From: tuxic @ 2017-12-17  3:43 UTC (permalink / raw
  To: Gentoo

Hi,

Currently I am scanning directories of my system with checksec to
identify relevant files having "No PIE" or "No canary found" set.

Is there any technical reason for which such files cannot be compiled
in a way so they have "PIE" and "Canary found" set?

How "dangerous" is that?

Cheers
Meino




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [gentoo-user] Canary Pies
  2017-12-17  3:43 [gentoo-user] Canary Pies tuxic
@ 2017-12-17 14:42 ` Michael Orlitzky
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Orlitzky @ 2017-12-17 14:42 UTC (permalink / raw
  To: gentoo-user

On 12/16/2017 10:43 PM, tuxic@posteo.de wrote:
> Hi,
> 
> Currently I am scanning directories of my system with checksec to
> identify relevant files having "No PIE" or "No canary found" set.
> 
> Is there any technical reason for which such files cannot be compiled
> in a way so they have "PIE" and "Canary found" set?

Some packages with hand-written assembly will fail to compile with the
stack-smashing protection enabled. That should be rare, though. For PIE
I'm not sure.


> How "dangerous" is that?

Not very, but it depends on the package. If it's a game, who cares. If
it's a library used by firefox, you probably want the extra protection.


^ permalink raw reply	[flat|nested] 2+ messages in thread
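
For readers auditing their own systems, here is an added example (not part of either message, and not checksec's own code) of what the two verdicts discussed in this thread are derived from. It assumes checksec's usual logic: ELF type EXEC means "No PIE", type DYN with a DT_DEBUG dynamic entry means "PIE enabled", and a reference to `__stack_chk_fail` means "Canary found". The function names and `sample_elf` are hypothetical, only little-endian ELF64 is handled, and the canary check is a byte-search heuristic.

```python
import struct, sys

ET_EXEC, ET_DYN, PT_DYNAMIC, DT_NULL, DT_DEBUG = 2, 3, 2, 0, 21

def pie_status(elf: bytes) -> str:
    """Classify a little-endian ELF64 image as No PIE / PIE enabled / DSO."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type = struct.unpack_from("<H", elf, 16)[0]
    if e_type == ET_EXEC:            # fixed load address
        return "No PIE"
    if e_type != ET_DYN:             # relocatable object, core dump, ...
        return "Not an executable"
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, _flags, p_offset = struct.unpack_from("<IIQ", elf, base)
        if p_type != PT_DYNAMIC:
            continue
        p_filesz = struct.unpack_from("<Q", elf, base + 32)[0]
        for off in range(p_offset, p_offset + p_filesz, 16):
            d_tag = struct.unpack_from("<q", elf, off)[0]
            if d_tag == DT_DEBUG:    # present in executables, not in plain libraries
                return "PIE enabled"
            if d_tag == DT_NULL:     # end of the dynamic array
                break
    return "DSO"

def canary_status(elf: bytes) -> str:
    # Heuristic: code built with stack-smashing protection imports this symbol,
    # so its NUL-terminated name shows up in the string table.
    return "Canary found" if b"__stack_chk_fail\x00" in elf else "No canary found"

def sample_elf(e_type: int, dyn_tags=(), strings=b"") -> bytes:
    """Constructed test image: ELF64 header, one PT_DYNAMIC phdr, dyn entries."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    dyn = b"".join(struct.pack("<qQ", t, 0) for t in (*dyn_tags, DT_NULL))
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn + strings

if __name__ == "__main__":
    for path in sys.argv[1:]:        # e.g. files under /usr/bin
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            print(path, pie_status(data), canary_status(data), sep="\t")
        except (ValueError, struct.error):
            print(path, "skipped (not ELF64 little-endian)", sep="\t")
```

A small binary that never places a buffer on the stack can legitimately report "No canary found" even when built with stack protection, so that verdict alone does not prove the flag was missing.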
