I do believe pie is explicitly disabled when building Python 3.6. Using hardening-check on Ubuntu Bionic (from the devscripts package):
$ hardening-check /usr/bin/python3 /usr/bin/python3: Position Independent Executable: no, normal executable! Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no, not found! Also from debian/rules in http://archive.ubuntu.com/ubuntu/pool/main/p/python3.6/python3.6_3.6.5-3.debian.tar.xz: export DEB_BUILD_MAINT_OPTIONS=hardening=-pie According to http://manpages.ubuntu.com/manpages/bionic/man1/dpkg- buildflags.1.html this syntax disables pie - it should be "+pie", and is enabled by default on Bionic: $ dpkg-buildflags --status dpkg-buildflags: status: vendor is Ubuntu dpkg-buildflags: status: future features: lfs=no dpkg-buildflags: status: hardening features: bindnow=no format=yes fortify=yes pie=yes relro=yes stackprotector=yes stackprotectorstrong=yes dpkg-buildflags: status: qa features: bug=no canary=no dpkg-buildflags: status: reproducible features: fixdebugpath=yes timeless=yes dpkg-buildflags: status: sanitize features: address=no leak=no thread=no undefined=no ... with the environment variable set: $ DEB_BUILD_MAINT_OPTIONS=hardening=-pie dpkg-buildflags --status dpkg-buildflags: status: environment variable DEB_BUILD_MAINT_OPTIONS=hardening=-pie dpkg-buildflags: status: vendor is Ubuntu dpkg-buildflags: status: future features: lfs=no dpkg-buildflags: status: hardening features: bindnow=no format=yes fortify=yes pie=no relro=yes stackprotector=yes stackprotectorstrong=yes dpkg-buildflags: status: qa features: bug=no canary=no dpkg-buildflags: status: reproducible features: fixdebugpath=yes timeless=yes dpkg-buildflags: status: sanitize features: address=no leak=no thread=no undefined=no ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1452115 Title: Python interpreter binary is not compiled as PIE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1452115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
