Lintian ReportsBETA

hardening-no-pie

This package provides an ELF executable that was not compiled as a position independent executable (PIE).

In Debian, since version 6.2.0-7 of the gcc-6 package GCC will compile ELF binaries with PIE by default. In most cases a simple rebuild will be sufficient to remove this tag.

PIE is required for fully enabling Address Space Layout Randomization (ASLR), which makes "Return-oriented" attacks more difficult.

Historically, PIE has been associated with noticeable performance overhead on i386. However, GCC >= 5 has implemented an optimization that can reduce the overhead significantly.

If you use dpkg-buildflags with hardening=+all,-pie in DEB_BUILD_MAINT_OPTIONS, remove the -pie.

For more information please consult:

The tag is present in Lintian version 2.114.163. That is the most recent version we know about.

We use semantic versions. The patch number is a commit step indicator relative to the 2.114.0 release tag in our Git repository.

You can find the detection logic for this version at commit ca97c3a. For merge requests, please use the latest version in the Lintian check binaries/hardening.

Visibility: warning

The following 223 source packages in the archive triggered the tag 3854 times (in any Lintian version).

We found 3043 overrides. The tag performed 21% of the time.