Message359986
The python3.6 binary supplied in Ubuntu distros is not compiled with Position Independent Code (PIE) protection enabled. Python2 does. Is this not seen as a problem?
Example 1:
(checksec)
============
FILE: /usr/bin/python2
RELRO: Full RELRO
STACK CANARY: Canary found
NX: NX enabled
PIE: PIE enabled <<<
RPATH: No RPATH
RUNPATH: No RUNPATH
Symbols: No Symbols
FORTIFY: Yes
Fortified: 14
Fortifiable: 32
FILE: /usr/bin/python3.6
RELRO: Partial RELRO <<< ISSUE >>>
STACK CANARY: Canary found
NX: NX enabled
PIE: No PIE <<< ISSUE >>>
RPATH: No RPATH
RUNPATH: No RUNPATH
Symbols: No Symbols
FORTIFY: Yes
Fortified: 18
Fortifiable: 42
Example 2:
============
$ hardening-check /usr/bin/python2
/usr/bin/python2:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
$ hardening-check /usr/bin/python3.6
/usr/bin/python3.6:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no, not found! |
|
Date |
User |
Action |
Args |
2020-01-14 18:25:50 | hpawdjit | set | recipients:
+ hpawdjit |
2020-01-14 18:25:50 | hpawdjit | set | messageid: <1579026350.83.0.0617094618953.issue39332@roundup.psfhosted.org> |
2020-01-14 18:25:50 | hpawdjit | link | issue39332 messages |
2020-01-14 18:25:50 | hpawdjit | create | |
|