Description of problem: When I ran sudo checksec --kernel with checksec 1.8.0 I got the following * Kernel protection information: Description - List the status of kernel protection mechanisms. Rather than inspect kernel mechanisms that may aid in the prevention of exploitation of userspace processes, this option lists the status of kernel configuration options that harden the kernel itself against attack. Kernel config: /boot/config-4.18.9-200.fc28.i686 Warning: The config on disk may not represent running kernel config! Vanilla Kernel ASLR: Full Protected symlinks: Enabled Protected hardlinks: Enabled Ipv4 reverse path filtering: Enabled Ipv6 reverse path filtering: Disabled Kernel heap randomization: Enabled GCC stack protector support: Disabled Enforce read-only kernel data: Enabled Enforce read-only module data: Enabled Hardened Usercopy: Enabled Hardened Usercopy Pagespan: Disabled Restrict /dev/mem access: Enabled Restrict /dev/kmem access: Enabled * SELinux: Enforcing Checkreqprot: Enabled Deny Unknown: Disabled * grsecurity / PaX: No GRKERNSEC The grsecurity / PaX patchset is available here: http://grsecurity.net/ That output shows GCC stack protector support: Disabled while the kernel configuration file /boot/config-4.18.9-200.fc28.i686 has the GCC strong stack protector enabled as shown in the following lines from that file CONFIG_HAVE_STACKPROTECTOR=y CONFIG_CC_HAS_STACKPROTECTOR_NONE=y CONFIG_STACKPROTECTOR=y CONFIG_STACKPROTECTOR_STRONG=y checksec-1.7.4-6.fc28 also showed GCC stack protector support: Disabled. Version-Release number of selected component (if applicable): checksec-0:1.8.0-1.fc28.noarch kernel-0:4.18.9-200.fc28.i686 How reproducible: Each time I've tried it Steps to Reproduce: 1. sudo checksec --kernel 2. less /boot/config-4.18.9-200.fc28.i686 3. Actual results: GCC stack protector support: Disabled Expected results: GCC stack protector support: Enabled Additional info:
checksec-1.8.0-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-428ab52499
checksec-1.8.0-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7fc85454e
checksec-1.8.0-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-6994b7f66c
checksec-1.8.0-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7fc85454e
checksec-1.8.0-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-6994b7f66c
checksec-1.8.0-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-428ab52499
checksec-1.8.0-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
checksec-1.8.0-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
checksec-1.8.0-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.