Based on the maps files, both cactid and nagios are PIEs. Two questions:
are they the only PIEs on this system (that regularly run, that is) and
do you have PIEs on the other systems that don't show the symptoms?

I'm using the hardened/x86/2.6 profile which enables the pic use flag. Here's where my understanding gets hazy. PIC != PIE, but the two are related in that PIC creates position independent code, but not for executables? Anyways, how would I check?

Reading some Wikipedia on this now to try and understand it a little better, but it didn't give me any insight as to how to read the maps file to determine whether or not it was a PIE.

I re-emerged cacti-cactid and did not see pic or pie in the output at all. Is that just enabled by default by the compiler? It looks like it.


More details:

tux-mc hardened # gcc -v
Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/specs
Configured with: /var/tmp/portage/sys-devel/gcc-3.4.6-r2/work/gcc-3.4.6/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.4.6 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include/g++-v3 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --enable-secureplt --disable-libunwind-exceptions --disable-multilib --disable-libgcj --enable-languages=c,c++ --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 3.4.6 (Gentoo Hardened 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10)

tux-mc hardened # equery hasuse pic
[ Searching for USE flag pic in all categories among: ]
 * installed packages
[I--] [  ] dev-lang/php-5.2.4_p20070914-r2 (5)
[I--] [  ] app-arch/gzip-1.3.12 (0)

tux-mc hardened # emerge --info
Portage 2.1.3.16 (hardened/x86/2.6, gcc-3.4.6, glibc-2.6.1-r0, 2.6.22-hardened-r8 i686)
=================================================================
System uname: 2.6.22-hardened-r8 i686 Intel(R) Xeon(TM) CPU 2.80GHz
Timestamp of tree: Sat, 03 Nov 2007 06:00:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.7.9-r1, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/hotplug /etc/hotplug.d /etc/init.d /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev /etc/udev/rules.d"
CXXFLAGS="-march=pentium4 -O2 -pipe -fforce-addr"
DISTDIR="/mnt/build/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="buildpkg ccache collision-protect metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/ ftp://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrors.tds.net/gentoo ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.osuosl.org/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distfiles.gentoo.org"
MAKEOPTS="-j5"
PKGDIR="/mnt/build/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/mnt/build/portage"
PORTDIR_OVERLAY="/mnt/build/portage-local"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi apache2 bash-completion berkdb bzip2 caps chroot cracklib crypt erandom fam gmp gpm hardened jpeg lm_sensors logrotate maildir mmx ncurses nls nptl pam pcre perl pic png python readline smp snmp sse sse2 ssl syslog tcpd threads vhosts x86 xattr xml xpm"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc"
INPUT_DEVICES="mouse keyboard"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
USERLAND="GNU"
VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


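The two checks asked about in the message above (is a binary a PIE, and what does its maps file show), as an added example that is not part of the original message or of any Gentoo tool. The function names and the sample maps lines are constructed, and the maps check assumes the i386 default link address 0x08048000 for fixed-address executables.

```python
import struct
import sys

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3
I386_DEFAULT_BASE = 0x08048000   # assumption: default i386 base for ET_EXEC

def elf_kind(data: bytes) -> str:
    """Classify an ELF image from its header and program header types."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    if data[4] == 2:                              # EI_CLASS: 2 = 64-bit layout
        phoff = struct.unpack_from(end + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                         # 32-bit layout
        phoff = struct.unpack_from(end + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    ptypes = {struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
              for i in range(phnum)}
    if e_type != ET_DYN:
        return "non-PIE executable" if e_type == ET_EXEC else "other"
    # Heuristic: a PIE requests a program interpreter, a plain library does not.
    return "PIE" if PT_INTERP in ptypes else "shared library"

def load_base(maps_text: str, exe_path: str) -> int:
    """Lowest address at which exe_path is mapped in /proc/<pid>/maps text."""
    starts = [int(f[0].split("-")[0], 16)
              for f in (line.split(None, 5) for line in maps_text.splitlines())
              if len(f) == 6 and f[5] == exe_path]
    if not starts:
        raise ValueError("%s is not mapped" % exe_path)
    return min(starts)

def maps_suggest_pie(maps_text: str, exe_path: str) -> bool:
    """On i386, an executable mapped away from the default base was relocated."""
    return load_base(maps_text, exe_path) != I386_DEFAULT_BASE

# Constructed sample maps lines (not taken from the systems in this thread).
SAMPLE_FIXED = ("08048000-0804c000 r-xp 00000000 03:01 1201 /usr/bin/fixed\n"
                "0804c000-0804d000 rw-p 00003000 03:01 1201 /usr/bin/fixed\n")
SAMPLE_PIE = ("4a3f1000-4a40b000 r-xp 00000000 03:01 1202 /usr/bin/relocated\n"
              "b7e2a000-b7f55000 r-xp 00000000 03:01 77 /lib/libc-2.6.1.so\n")

if __name__ == "__main__":
    print(maps_suggest_pie(SAMPLE_FIXED, "/usr/bin/fixed"),
          maps_suggest_pie(SAMPLE_PIE, "/usr/bin/relocated"))
    for path in sys.argv[1:]:                     # classify real binaries
        with open(path, "rb") as fh:
            print(path, elf_kind(fh.read()))
```

Pass binary paths as arguments to classify real files; `readelf -h` reports the same `Type:` field (EXEC or DYN) that `elf_kind` reads.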