[Bug 1452115] Re: Python interpreter binary is not compiled as PIE

Jeff Dileo Fri, 25 Feb 2022 13:41:14 -0800

Thanks @Giovanni Pellerano for bumping this again. I can confirm that
this is an issue in python3.9 (3.9.7, "3.9.7-2build1") and python3.10
(3.10.0, "3.10.0-2") on 21.10 (amd64). I imagine if nothing is done, the
upcoming 22.04 LTS will have the issue in its default python(3), which I
imagine will be some version of 3.10.


# python3 --version
Python 3.9.7
# ./checksec --file=/usr/bin/python3
RELRO           STACK CANARY      NX            PIE             RPATH      
RUNPATH      Symbols         FORTIFY Fortified       Fortifiable     FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No 
RUNPATH   No Symbols        Yes   14              39              
/usr/bin/python3

# python3.10 --version
Python 3.10.0
# ./checksec --file=/usr/bin/python3.10
RELRO           STACK CANARY      NX            PIE             RPATH      
RUNPATH      Symbols         FORTIFY Fortified       Fortifiable     FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No 
RUNPATH   No Symbols        Yes   14              39              
/usr/bin/python3.10

Alternatively, via `hardening-check` from the devscripts package:

# hardening-check /usr/bin/python3
/usr/bin/python3:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!
 Stack clash protection: unknown, no -fstack-clash-protection instructions found
 Control flow integrity: yes
# hardening-check /usr/bin/python3.10
/usr/bin/python3.10:
 Position Independent Executable: no, normal executable!
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: no, not found!
 Stack clash protection: unknown, no -fstack-clash-protection instructions found
 Control flow integrity: yes

** Also affects: python3.9 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: python3.10 (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1452115

Title:
  Python interpreter binary is not compiled as PIE

To manage notifications about this bug go to:
https://bugs.launchpad.net/python/+bug/1452115/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1452115] Re: Python interpreter binary is not compiled as PIE

Reply via email to