El 18/05/14 06:47, Lennart Poettering escribió:
> On Sat, 17.05.14 12:39, Cristian Rodríguez (crrodrig...@opensuse.org) wrote:
>
>> This is the standard* way used to pass special linker/compiler
>> flags such as -fPIE and -pie
>>
>> * "Standard" in the sense it is understood by many other
>> packages and commonly used by distributions.
>
> I really don't get this. Why would we build our binaries with two
> different sets of options? I mean, our stuff is generally not too
> performance critical, there are no CPU bound inner loops, hence which
> compiler options to you have in mind that we shouldn't apply to all our
> binaries anyway? What should be good for the "secure" binaries, that
> shouldn't be good enough for the others too?
>
> Lennart
>
OK, Let's try the attached patch instead.
--
Cristian
"I don't know the key to success, but the key to failure is trying to
please everybody."
>From 5a65cf524208642565df6ca65738825dc380d1be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodrig...@opensuse.org>
Date: Sun, 18 May 2014 11:46:42 -0400
Subject: [PATCH] build: Compile everything with PIE
---
configure.ac | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configure.ac b/configure.ac
index 30ef33d..469fc2d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -176,6 +176,7 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-fdata-sections \
-fstack-protector \
-fstack-protector-strong \
+ -fPIE \
--param=ssp-buffer-size=4])
AS_CASE([$CFLAGS], [*-O[[12345\ ]]*],
[CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
@@ -195,6 +196,7 @@ CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
-Wl,--gc-sections \
-Wl,-z,relro \
-Wl,-z,now \
+ -pie \
-Wl,-fuse-ld=gold])
AC_SUBST([OUR_LDFLAGS], "$with_ldflags $sanitizer_ldflags")
--
1.8.4.5
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
