On 22/07/14 07:41, Daniel Micay wrote:
> A `pie` option is added for wrapping C and C++ compilers and passing the
> correct options for building position independent executables. PIE is
> required for full address space layout optimization (ASLR) and there is
> little to no benefit from ASLR without it since global ELF tables
> (GOT/PLT) and application code are at known locations.
>
> A wrapper script is required in order to pass the correct flags for
> executables without changing the flags for libraries. It adds `-pie`
> when linking (no `-c` switch) if `-static` or `-shared` are not passed,
> and `-fPIE` whenever `-fPIC` is not already there. This technique comes
> from the Debian hardening wrappers.
>
> Position independent code is expensive on i686, so it's only enabled by
> default on x86_64 where the cost is negligible. It can be enabled on a
> package-by-package basis on i686. The same cost already exists for any
> code in a dynamic library.

Why should this be in makepkg? Just like Debian this should be a distribution build system integration rather than in the package manager.

Allan
