This is valid for all ELF installed by cups that enables pie on its own: checksec --file=/usr/sbin/cupsreject RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE No RELRO No canary found NX enabled PIE_enabled No RPATH No RUNPATH No Symbols No 0 0 /usr/sbin/cupsreject checksec utility comes from app-admin/checksec