Dne 19.10.2016 v 14:51 Lodovico Giaretta via Digitalmars-d napsal(a):
Hi!
As you might have noticed, Ubuntu 16.10 joins the community of
hardened systems by shipping GCC 6.2 with PIE enabled by default. This
is a wonderful security choice, but it comes with some problems when
one tries to use DMD. Here is what happened to me.
1) Trying to unittest std.experimental.xml:
I got tons of failed relocations, but I was kind of expecting that.
I was using DUB,
so I added `"lflags": ["-no-pie"]`, but it didn't do anything and I
really don't know
why. Then I tried setting "dflags" with "-fPIC", but it didn't
suffice, as I had to
set "-defaultlib" to "libphobos2.so".
Ok, this finally worked, but it produced PIE executables. What if I
want to use a plain
old fixed-position executable? I didn't manage to do that. Also,
the "default" dmd
call, without any option, should really work out of the box. I
don't really care if by
default it produces PIE or not. I care that I don't have to think
about it unless it's
an important decision for me. And I care that if I want, I can
switch to whatever with
a command line option.
This is possible, it is on package maintainers to do this (compile
druntime and phobos itself with -fPIC and add -fPIC to /etc/dmd.conf)
2) Trying to use DUB seriously:
This is a good reason to have a working default configuration.
While working on the
xml library, I used `dub -b ddox`. Being the first time on the new
system, DUB fetched
ddox and tried to build it. But of course it failed! And that's
because ddox (as every
dub package) does not specify "-fPIC -defaultlib=libphobos2.so", as
it has never been
necessary. I still don't know how to make this work without hacking
ddox.
So, what we really need is either a good tutorial on how to setup
everything so that it "just works", or even better the compiler should
recognize if the linker has hardening enabled by default, and take
actions to either compile with PIC or call the linker with -no-pie.
same as above just add -fPIC to dmd.conf
