Lintian ReportsBETA

Whardening-no-pie

Tag versions

The tag is present in Lintian version 2.104.319. That is the most recent version we know about.

This package provides an ELF executable that was not compiled as a position independent executable (PIE).

In Debian, since version 6.2.0-7 of the gcc-6 package GCC will compile ELF binaries with PIE by default. In most cases a simple rebuild will be sufficient to remove this tag.

PIE is required for fully enabling Address Space Layout Randomization (ASLR), which makes "Return-oriented" attacks more difficult.

Historically, PIE has been associated with noticeable performance overhead on i386. However, GCC >= 5 has implemented an optimization that can reduce the overhead significantly.

If you use dpkg-buildflags with hardening=+all,-pie in DEB_BUILD_MAINT_OPTIONS, remove the -pie.

Please refer to https://wiki.debian.org/Hardening, https://gcc.gnu.org/gcc-5/changes.html, and https://software.intel.com/en-us/blogs/2014/12/26/new-optimizations-for-x86-in-upcoming-gcc-50-32bit-pic-mode for details.

Visibility: warning

Check: binaries

The following 224 source packages in the archive triggered the tag 4262 times.

We found 3294 overrides. The tag performed 23% of the time.