New submission from Jason Culligan <jason.culli...@intel.com>:

The python3.6 binary supplied in Ubuntu distros is not compiled with Position 
Independent Code (PIE) protection enabled.  Python2 is.  Is this not seen as 
a problem?

Example 1:
(checksec)
============

FILE:   /usr/bin/python2
RELRO:  Full RELRO
STACK CANARY:   Canary found
NX:     NX enabled
PIE:    PIE enabled <<<
RPATH:  No RPATH
RUNPATH:        No RUNPATH
Symbols:        No Symbols
FORTIFY:        Yes
Fortified:      14
Fortifiable:    32


FILE:   /usr/bin/python3.6
RELRO:  Partial RELRO <<< ISSUE >>>
STACK CANARY:   Canary found
NX:     NX enabled
PIE:    No PIE <<< ISSUE >>>
RPATH:  No RPATH
RUNPATH:        No RUNPATH
Symbols:        No Symbols
FORTIFY:        Yes
Fortified:      18
Fortifiable:    42


Example 2:
============

$ hardening-check /usr/bin/python2
/usr/bin/python2:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

$ hardening-check /usr/bin/python3.6
/usr/bin/python3.6:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!

----------
components: Build
messages: 359986
nosy: hpawdjit
priority: normal
severity: normal
status: open
title: Python 3.6 compiler protections from Ubuntu distros
type: security
versions: Python 3.6

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue39332>
_______________________________________
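
The two reports in the message read the same ELF fields: the file type in the ELF header, the `PT_GNU_RELRO` program header, and the bind-now flags in the dynamic section. The sketch below is an added example, not part of the original submission and not code from checksec or hardening-check. It shows why checksec's "Partial RELRO" and hardening-check's "Read-only relocations: yes" with "Immediate binding: no" describe the same state. Assumptions: little-endian ELF64 only; `hardening`, `build_elf` and the two sample images are hypothetical names and constructed inputs, not the Ubuntu binaries.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def hardening(elf: bytes) -> dict:
    """Derive PIE / RELRO / BIND_NOW verdicts from ELF64 headers (hypothetical helper)."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled in this sketch")
    # e_type at offset 16, e_phoff at 32, e_phentsize and e_phnum at 54.
    e_type, e_phoff, e_phentsize, e_phnum = struct.unpack_from("<H14xQ14xHH", elf, 16)
    relro = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_off, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True  # loader remaps this range read-only after relocation
        elif p_type == PT_DYNAMIC:
            for pos in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, pos)
                if tag == DT_NULL:
                    break
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    return {
        # ET_DYN is also used by shared libraries; real tools add a further check.
        "pie": e_type == ET_DYN,
        "bind_now": bind_now,
        # "full" needs both: without BIND_NOW the lazily bound GOT stays writable.
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
    }

def build_elf(e_type, relro, dyn_tags):
    """Constructed sample input: a headers-only ELF64 image, not a runnable binary."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in [*dyn_tags, (DT_NULL, 0)])
    segs = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 64 + 56 * len(segs)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", s, 4, dyn_off, 0, 0, len(dyn), len(dyn), 8)
                     for s in segs)
    return ehdr + phdrs + dyn

# Shaped after the two reports in the message (constructed, not the real files).
LIKE_PYTHON2 = build_elf(ET_DYN, True, [(DT_FLAGS, DF_BIND_NOW)])
LIKE_PYTHON36 = build_elf(ET_EXEC, True, [])
print(hardening(LIKE_PYTHON2), hardening(LIKE_PYTHON36))
```
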
_______________________________________________
Python-bugs-list mailing list