This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author hpawdjit
Recipients hpawdjit
Date 2020-01-14.18:25:50
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1579026350.83.0.0617094618953.issue39332@roundup.psfhosted.org>
In-reply-to
Content 
The python3.6 binary supplied in Ubuntu distros is not compiled with Position Independent Code (PIE) protection enabled.  Python2 does.  Is this not seen as a problem?

Example 1:
(checksec)
============

FILE:	/usr/bin/python2
RELRO:	Full RELRO
STACK CANARY:	Canary found
NX:	NX enabled
PIE:	PIE enabled <<<
RPATH:	No RPATH
RUNPATH:	No RUNPATH
Symbols:	No Symbols
FORTIFY:	Yes
Fortified:	14
Fortifiable:	32


FILE:	/usr/bin/python3.6
RELRO:	Partial RELRO <<< ISSUE >>>
STACK CANARY:	Canary found
NX:	NX enabled
PIE:	No PIE <<< ISSUE >>>
RPATH:	No RPATH
RUNPATH:	No RUNPATH
Symbols:	No Symbols
FORTIFY:	Yes
Fortified:	18
Fortifiable:	42


Example 2:
============

$ hardening-check /usr/bin/python2
/usr/bin/python2:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

$ hardening-check /usr/bin/python3.6
/usr/bin/python3.6:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!
History
Date User Action Args
2020-01-14 18:25:50hpawdjitsetrecipients: + hpawdjit
2020-01-14 18:25:50hpawdjitsetmessageid: <1579026350.83.0.0617094618953.issue39332@roundup.psfhosted.org>
2020-01-14 18:25:50hpawdjitlinkissue39332 messages
2020-01-14 18:25:50hpawdjitcreate