[issue20949] Missing platform security integrations

Ammar Askar Mon, 13 Dec 2021 12:01:54 -0800


Ammar Askar <am...@ammaraskar.com> added the comment:


Hi Jeffrey, your second solution where you omit `-pie` is almost there. Instead 
of modifying the Makefile you can pass `-pie` in `LINKFORSHARED`:


export CFLAGS="-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2"
export CXXFLAGS="-fPIC -fstack-protector-all -D_FORTIFY_SOURCE=2"
export LDFLAGS="-Wl,-z,noexecstack -Wl,-z,noexecheap -Wl,-z,now -Wl,-z,relro"
export LINKFORSHARED="-pie"

$ checksec ./python
[*] '/home/ammar/workspace/cpython/python'
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
    FORTIFY:  Enabled

----------
nosy: +ammar2

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue20949>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20949] Missing platform security integrations

Reply via email to