python 3.11 is not PIE, but it should be
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python3.11 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Hello,
if I understood correctly, the Python from version 3.10 should be compiled as a PIE (position independent executable). That is why there are the new packages python3-nopie, python3.10-nopie and python3.11-nopie.
But the Python 3.11 from package python3.11-minimal, version 3.11.0~rc1-1~22.04, arch arm64 is not a PIE.
$ file /usr/bin/
/usr/bin/
the same using hardening-check:
$ hardening-check /usr/bin/
/usr/bin/
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: no, not found!
Stack clash protection: unknown, no -fstack-
Control flow integrity: no, not found!
While the python3.10-minimal is a PIE.
$ file /usr/bin/
/usr/bin/
$ hardening-check /usr/bin/
/usr/bin/
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
Stack clash protection: unknown, no -fstack-
Control flow integrity: no, not found!
I know the packages are probably from Debian Bookworm. I've checked their amd64 and arm64 packages python3.
I've reported the bug also to Debian. See https:/