slimm609/checksec.sh

For shared library, checking PIE always returns 'DSO' after glibc 2.30

HongzhenZhou opened this issue · 0 comments

Issue

From glibc 2.30, it is not possible to use dlopen() to load a PIE shared library object file:

https://sourceware.org/bugzilla/show_bug.cgi?id=24323

So a shared library file can only be compiled without "-pie" which means any new compiled shared library files will not be flaged as 'yes' in 'PIE enabled' checking. Is it better to check 'PIC enabled' against a shared library file rather than 'PIE enabled'? Only check "PIE enabled" against a exectrable file? Thanks!