
Author ammar2
Recipients Jeffrey.Walton, ammar2
Date 2021-12-13.20:01:41
Message-id <1639425701.54.0.191231390283.issue20949@roundup.psfhosted.org>
In-reply-to
Content
Hi Jeffrey, your second solution where you omit `-pie` is almost there. Instead of modifying the Makefile you can pass `-pie` in `LINKFORSHARED`:


export CFLAGS="-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2"
export CXXFLAGS="-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2"
export LDFLAGS="-Wl,-z,noexecstack -Wl,-z,noexecheap -Wl,-z,now -Wl,-z,relro"
export LINKFORSHARED="-pie"

$ checksec ./python
[*] '/home/ammar/workspace/cpython/python'
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
    FORTIFY:  Enabled
History
Date User Action Args
2021-12-13 20:01:41 ammar2 set recipients: + ammar2, Jeffrey.Walton
2021-12-13 20:01:41 ammar2 set messageid: <1639425701.54.0.191231390283.issue20949@roundup.psfhosted.org>
2021-12-13 20:01:41 ammar2 link issue20949 messages
2021-12-13 20:01:41 ammar2 create
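
The PIE, NX and RELRO lines in the checksec output of the message above come from the linker flags (`-pie`, `-z noexecstack`, `-z relro`, `-z now`), and they can be read straight from the ELF program headers and dynamic section. The following is an added example, not part of the original message and not checksec's own code. It assumes a little-endian ELF64 file and treats `ET_DYN` plus either `DF_1_PIE` or a `PT_INTERP` segment as PIE, which is a heuristic; `link_hardening` and `sample_elf` are names chosen here, and `sample_elf` builds a constructed header-only image.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 2, 3, 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE, PF_X, ET_DYN = 0x8, 0x1, 0x08000000, 0x1, 3

def link_hardening(elf: bytes) -> dict:
    """Report PIE / NX / RELRO for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx = relro = now = pie = interp = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:    # -z noexecstack: stack segment lacks PF_X
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:  # -z relro
            relro = True
        elif p_type == PT_INTERP:     # has a loader path: executable, not a library
            interp = True
        elif p_type == PT_DYNAMIC:    # -z now and -pie leave flags in .dynamic
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == 0:          # DT_NULL terminates the array
                    break
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW):
                    now = True
                elif tag == DT_FLAGS_1:
                    now, pie = now or bool(val & DF_1_NOW), pie or bool(val & DF_1_PIE)
    return {"PIE": e_type == ET_DYN and (pie or interp), "NX": nx,
            "RELRO": "Full" if relro and now else "Partial" if relro else "None"}

def sample_elf(e_type, stack_flags, dyn, relro=True):
    """Constructed header-only test image, not a real binary."""
    ph = [(PT_GNU_STACK, stack_flags, 0, 0), (PT_DYNAMIC, 6, 64 + 3 * 56, 16 * len(dyn)),
          (PT_GNU_RELRO if relro else 0, 4, 0, 0)]  # type 0 = PT_NULL (ignored)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(ph), 0, 0, 0)
    segs = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, n, n, 8) for t, f, o, n in ph)
    return hdr + segs + b"".join(struct.pack("<qQ", t, v) for t, v in dyn)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf(
        ET_DYN, 6, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW | DF_1_PIE), (0, 0)])
    print(link_hardening(data))
```

Run with a path argument to inspect a built binary; with no argument it reports on the constructed sample. Stack canary and FORTIFY detection need symbol-table parsing and are not covered.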