hardening-no-pie

This package provides an ELF executable that was not compiled as a position-independent executable (PIE).

In Debian, since version 6.2.0-7 of the gcc-6 package, GCC will compile ELF binaries with PIE by default. In most cases a simple rebuild will be sufficient to remove this tag.

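PIE is required for fully enabling Address Space Layout Randomization (ASLR), which makes "return-oriented" attacks more difficult. Without PIE, the executable's own code is loaded at a fixed address even when the stack, heap and shared libraries are randomized.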

Historically, PIE has been associated with noticeable performance overhead on i386. However, GCC >= 5 has implemented an optimization that can reduce the overhead significantly.

If you use dpkg-buildflags with hardening=+all,-pie in DEB_BUILD_MAINT_OPTIONS, remove the -pie.

Severity: warning
Experimental: false
