4.2.1.27 The pie test

  Problem:  Static binaries are more vulnerable to attacks
  Fix By:   Link with -Wl,-pie
  Waive If: Don't

  Example:  FAIL: pie test because not built with '-Wl,-pie' (gcc/clang) or '-buildmode pie' (go)

Programs can be compiled to either load at a fixed address in memory (static programs) or at a random address assigned at startup time (dynamic programs, also known as position-independent executables or PIE). Here "static" and "dynamic" refer to the load address, not to static or dynamic linking. Static programs are more vulnerable to exploits because an attacker will know exactly where every part of the program is located. Thus building dynamic executables is recommended.

This test checks that the appropriate linker option (-pie) has been used to generate dynamic executables. The option is only needed for linking executables, not shared libraries.
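The following is an added example, not annocheck's own code. It shows one way to tell a fixed-address executable from a PIE and from a shared library by reading the ELF header, program headers and dynamic section. The function names, the constructed sample images and the rule "ET_DYN with DF_1_PIE or a PT_INTERP segment counts as PIE" are assumptions of this example, and only 64-bit ELF files are handled.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                  # e_type values from <elf.h>
PT_DYNAMIC, PT_INTERP = 2, 3            # p_type values
DT_NULL, DT_FLAGS_1, DF_1_PIE = 0, 0x6FFFFFFB, 0x08000000

def classify_elf(data: bytes) -> str:
    """Return 'fixed-address', 'pie' or 'shared-library' for a 64-bit ELF image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not a 64-bit ELF file")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 means little endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    e_phoff, = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    if e_type == ET_EXEC:
        return "fixed-address"          # the case the pie test reports as FAIL
    if e_type != ET_DYN:
        raise ValueError("not an executable or shared object")
    # ET_DYN covers both PIE programs and shared libraries, so look further.
    has_interp = pie_flag = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset = struct.unpack_from(end + "IIQ", data, off)
        p_filesz, = struct.unpack_from(end + "Q", data, off + 32)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_DYNAMIC:      # walk the 16-byte (d_tag, d_val) entries
            for pos in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from(end + "qQ", data, pos)
                if tag == DT_NULL:
                    break
                if tag == DT_FLAGS_1 and val & DF_1_PIE:
                    pie_flag = True
    return "pie" if (pie_flag or has_interp) else "shared-library"

def build_sample(e_type, segments=()):
    """Constructed minimal little-endian ELF64 image for the demo, not a real binary."""
    offset = 64 + 56 * len(segments)    # payloads follow the program headers
    phdrs = body = b""
    for p_type, payload in segments:
        phdrs += struct.pack("<IIQQQQQQ", p_type, 4, offset + len(body), 0, 0,
                             len(payload), len(payload), 1)
        body += payload
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    return ehdr + phdrs + body
```

To check a file on disk, pass its contents to classify_elf(), for example the bytes read from a binary opened in "rb" mode.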

Note - this check is related to the pic test. This test checks that the correct linker option has been used. The pic test checks that the correct compile time option has been used.

Note - this test is automatically disabled if the --profile=el7 option is used.

If necessary the test can be disabled via the --skip-pie option and re-enabled via the --test-pie option.