On 12/16/2017 10:43 PM, tu...@posteo.de wrote: > Hi, > > Currently I am scanning directories of my system with checksec to > identify relevant files of haveing "No PIE" or "No canary found" set. > > Is there any technical reason for which such files cannot be compiled > in a way so they have "PIE" and "Canary found" set ?
Some packages with hand-written assembly will fail to compile with the stack-smashing protection enabled. That should be rare, though. For PIE I'm not sure. > How "dangerous" is that ? Not very, but it depends on the package. If it's a game, who cares. If it's a library used by firefox, you probably want the extra protection.
