On 02/07/17 06:51, Bartłomiej Piotrowski wrote:
> On 2017-06-30 23:44, Allan McRae wrote:
>> On 30/06/17 19:07, Bartłomiej Piotrowski wrote:
>>> On 2016-10-24 05:56, Allan McRae wrote:
>>>> 1) building gcc to enable PIE by default
>>>
>>> I am in the middle of rebuilding gcc with --enable-default-pie. When it
>>> finishes, I will start a todo for rebuilding packages with static libraries.
>>>
>>> I also enabled --enable-default-ssp, which means that
>>> -fstack-protector-strong will be dropped from our CFLAGS (as it will be
>>> enforced by gcc) on the next opportunity.
>>>
>>
>> Are you adding full RELRO + no-plt at the same time?
>>
>> A
>>
>
> Yes, and -fstack-check=specific too, although I might drop no-plt if it
> will cause too many builders.
>

I thought the conclusion from the Stack Clash bugs was that the current -fstack-check was fundamentally flawed and was being completely rewritten for the next gcc. Is the "=specific" version OK?

